Security News > 2020 > January > Remote Code Execution Flaw Impacts E2fsprogs Filesystem Utility
2020-01-10 16:22
An out-of-bounds write bug in the E2fsprogs filesystem utility could lead to remote code execution, Cisco Talos security researchers reveal.
The hash entries for the hash tree are contained within hash entry struct, while the number of hash entries is contained within num array.
A temporary stack buffer is used to temporarily store mutated names to write them to the disk later on, and the utility then iterates over each hash entry struct.
C mutate name() function, resulting in the directory rehashing functionality being abused for code execution.
A specially crafted ext4 directory could be used to cause an out-of-bounds write on the stack, leading to code execution.