Bug 37743 - e2fsprogs: Buffer overflow (ES 3.2)
Summary: e2fsprogs: Buffer overflow (ES 3.2)
Status: CLOSED WONTFIX
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.0
Hardware: Other Linux
: P4 normal
Target Milestone: UCS 3.2-x-errata
Assignee: UCS maintainers
QA Contact:
URL:
Keywords:
Depends on:
Blocks: 37744
  Show dependency treegraph
 
Reported: 2015-02-10 07:32 CET by Moritz Muehlenhoff
Modified: 2019-04-11 19:24 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Customer ID: 01997_IN8
Max CVSS v3 score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2015-02-10 07:32:31 CET 
CVE-2015-0247

A buffer overflow in processing malformed ext2 filesystems might result in the execution of arbitrary code.

This has low impact; exploiting it would require a significant amount of social engineering.
Comment 1 Arvid Requate univentionstaff 2015-02-23 14:55:32 CET 
CVE-2015-0247: potential buffer overflow in closefs()  (incomplete fix for above)
Comment 2 Arvid Requate univentionstaff 2015-02-24 18:59:03 CET 
This should have been:

CVE-2015-1572: incomplete fix for CVE-2015-0247
Comment 3 Arvid Requate univentionstaff 2015-05-06 17:20:42 CEST 
Fixed in upstream Debian package version 1.41.12-4+deb6u2