Debian DSA-1422-1 : e2fsprogs - integer overflows

medium Nessus Plugin ID 29257

Synopsis

The remote Debian host is missing a security-related update.

Description

Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, the ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
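To make the bug class concrete, here is an added C example (not e2fsprogs or Debian code) of an allocation sized by a count read straight from an image, shown in its wrapping form and its overflow-checked form. The record layout, `struct entry`, the `*_image` buffers and the use of the GCC/Clang `__builtin_mul_overflow` builtin are all assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed on-disk record: a little-endian 32-bit count followed by
 * `count` 8-byte entries. Same shape as ext2 metadata, not its real layout. */
struct entry { uint32_t block; uint32_t flags; };

/* The pattern DSA-1422 describes: the count is trusted as read from the
 * image and multiplied in 32-bit arithmetic, so a crafted count wraps the
 * product to a tiny size; malloc() succeeds and a later copy of `count`
 * entries overruns the heap buffer. Kept here only as the "before". */
uint32_t vulnerable_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(struct entry);   /* 0x20000001 -> 8 */
}

/* Hardened form: overflow-checked multiply (GCC/Clang builtin), then bound
 * the result by the bytes actually present after the header. */
bool safe_alloc_size(uint32_t count, size_t avail, size_t *out)
{
    size_t bytes;
    if (__builtin_mul_overflow((size_t)count, sizeof(struct entry), &bytes))
        return false;                   /* product not representable */
    if (bytes > avail)
        return false;                   /* claims more entries than exist */
    *out = bytes;
    return true;
}

/* Parse an image; a bogus count is rejected before anything is allocated. */
struct entry *load_entries(const uint8_t *img, size_t len, uint32_t *n_out)
{
    size_t bytes;
    if (len < 4)
        return NULL;
    uint32_t count = img[0] | img[1] << 8 | img[2] << 16 | (uint32_t)img[3] << 24;
    if (!safe_alloc_size(count, len - 4, &bytes))
        return NULL;
    struct entry *e = malloc(bytes ? bytes : 1);
    if (e) {
        memcpy(e, img + 4, bytes);      /* entries copied in host byte order */
        *n_out = count;
    }
    return e;
}
/* Constructed images: a valid two-entry record and one with a crafted count. */
const uint8_t good_image[20] = { 2, 0, 0, 0, 7, 0, 0, 0, 1, 0, 0, 0, 9, 0, 0, 0, 2, 0, 0, 0 };
const uint8_t bad_image[20]  = { 1, 0, 0, 0x20 };   /* count 0x20000001, rest zero */
```

The same check belongs in front of every allocation whose size derives from superblock or group-descriptor fields, since a corrupted or crafted image controls those values.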

Solution

Upgrade the e2fsprogs package.

For the stable distribution (etch), this problem has been fixed in version 1.39+1.40-WIP-2006.11.14+dfsg-2etch1.

See Also

https://www.debian.org/security/2007/dsa-1422

Plugin Details

Severity: Medium

ID: 29257

File Name: debian_DSA-1422.nasl

Version: 1.16

Type: local

Agent: unix

Published: 12/11/2007

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:4.0, p-cpe:/a:debian:debian_linux:e2fsprogs

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 12/7/2007

Reference Information

CVE: CVE-2007-5497

CWE: 189

DSA: 1422