Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2015-1572
Last Modified 31 Mar 2015 10:00:26
Published 24 Feb 2015 10:59:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-1572

Summary

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 14.04

  • Canonical Ubuntu Linux 14.10

  • Debian Linux 7.0

Application

  • E2fsprogs Project E2fsprogs 1.42.11


References

CONFIRM - https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73

DEBIAN - DSA-3166

UBUNTU - USN-2507-1

FEDORA - FEDORA-2015-2516

FEDORA - FEDORA-2015-2511

MANDRIVA - MDVSA-2015:068

MANDRIVA - MDVSA-2015:067

CONFIRM - http://advisories.mageia.org/MGASA-2015-0088.html

Related Patches

Novell SUSE 2015:10815 e2fsprogs security update for SLES 11 SP3 i586

Novell SUSE 2015:10815 e2fsprogs security update for SLES 11 SP3 x86_64

Novell SUSE 2015:10815 e2fsprogs security update for SLE 11 SP3 i586

Novell SUSE 2015:10815 e2fsprogs security update for SLE 11 SP3 x86_64


Last Updated: 27 May 2016 11:08:16