FreeBSD : e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability (8b61308b-322a-11ea-b34b-1de6fb24355d)

medium Nessus Plugin ID 132793

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Lilith of Cisco Talos reports:

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Theodore Y. Ts'o reports:

E2fsprogs 1.45.5 [...:] Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables.
(Addresses CVE-2019-5188)

Solution

Update the affected package.

See Also

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973

http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5

http://www.nessus.org/u?f5c38475

Plugin Details

Severity: Medium

ID: 132793

File Name: freebsd_pkg_8b61308b322a11eab34b1de6fb24355d.nasl

Version: 1.5

Type: local

Published: 1/13/2020

Updated: 4/1/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-5188

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Temporal Score: 6

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:e2fsprogs, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/8/2020

Vulnerability Publication Date: 12/18/2019

Reference Information

CVE: CVE-2019-5188