Vulnerabilities > CVE-2007-5497 - Numeric Errors vulnerability in Ext2 Filesystems Utilities E2Fsprogs

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.

Vulnerable Configurations

Part Description Count
Application
Ext2_Filesystems_Utilities
41

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-4461.NASL
    descriptionThis update fixes : - Bug #414571 - CVE-2007-5497 e2fsprogs multiple integer overflows [F7] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id30026
    published2008-01-21
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30026
    titleFedora 7 : e2fsprogs-1.40.2-3.fc7 (2007-4461)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-4461.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # the metadata below and then exits (exit(0) at the end of this block),
    # so none of the host checks further down run in this mode.
    if (description)
    {
      script_id(30026);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      # Identifiers for correlating this finding with the CVE, Bugtraq and
      # Fedora advisory feeds.
      script_cve_id("CVE-2007-5497");
      script_bugtraq_id(26772);
      script_xref(name:"FEDORA", value:"2007-4461");
    
      script_name(english:"Fedora 7 : e2fsprogs-1.40.2-3.fc7 (2007-4461)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes :
    
      - Bug #414571 - CVE-2007-5497 e2fsprogs multiple integer
        overflows [F7]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=414571"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/006982.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?61f20840"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): the base vector scores partial confidentiality/integrity
      # impact and no availability impact (C:P/I:P/A:N), and the advisory text
      # above only says "multiple integer overflows". Confirm the real impact
      # against the CVE entry before prioritising on this score alone.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-189 is the "Numeric Errors" category.
      script_cwe_id(189);
    
      # Declared as a local check: the body below works from data already
      # stored in the KB rather than probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:e2fsprogs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:e2fsprogs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:e2fsprogs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:e2fsprogs-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # KB keys the check depends on. NOTE(review): the check body also reads
      # "Host/cpu", which is not listed here; a missing value is handled there
      # with an explicit audit instead.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check for Fedora 7. Everything here works from KB items collected
    # earlier (release string, CPU, RPM list); nothing is probed on the host.
    # This is a package-version comparison only: copies of libext2fs that are
    # not tracked in the RPM list are presumably invisible to it.

    # Gate 1: local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # Gate 2: the release string must name Fedora and carry a major version of 7.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = ver_match[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    }

    # Gate 3: without a cached package list there is nothing to compare.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Gate 4: only x86_64 and i386..i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!(("x86_64" >< cpu) || (cpu =~ "^i[3-6]86$")))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }

    # Compare each package against the fixed build named in the advisory;
    # every hit from rpm_check is counted in `flag`.
    fc7_fixed = make_list(
      "e2fsprogs-1.40.2-3.fc7",
      "e2fsprogs-debuginfo-1.40.2-3.fc7",
      "e2fsprogs-devel-1.40.2-3.fc7",
      "e2fsprogs-libs-1.40.2-3.fc7"
    );
    flag = 0;
    foreach fixed_pkg (fc7_fixed)
    {
      if (rpm_check(release:"FC7", reference:fixed_pkg)) flag++;
    }

    if (!flag)
    {
      # Nothing flagged: say whether packages were tested and found current,
      # or whether none of them is installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "e2fsprogs / e2fsprogs-debuginfo / e2fsprogs-devel / e2fsprogs-libs");
    }
    else
    {
      # At least one package was flagged: raise a warning, with the package
      # report attached when verbosity allows it.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0003.NASL
    descriptionUpdated e2fsprogs packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The e2fsprogs packages contain a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second and third extended (ext2/ext3) file systems. Multiple integer overflow flaws were found in the way e2fsprogs processes file system content. If a victim opens a carefully crafted file system with a program using e2fsprogs, it may be possible to execute arbitrary code with the permissions of the victim. It may be possible to leverage this flaw in a virtualized environment to gain access to other virtualized hosts. (CVE-2007-5497) Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues. Users of e2fsprogs are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29876
    published2008-01-08
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29876
    titleRHEL 2.1 / 3 / 4 / 5 : e2fsprogs (RHSA-2008:0003)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0003. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # the metadata below and then exits (exit(0) at the end of this block),
    # so none of the host checks further down run in this mode.
    if (description)
    {
      script_id(29876);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      # Identifiers for correlating this finding with the CVE, Bugtraq and
      # Red Hat advisory feeds.
      script_cve_id("CVE-2007-5497");
      script_bugtraq_id(26772);
      script_xref(name:"RHSA", value:"2008:0003");
    
      script_name(english:"RHEL 2.1 / 3 / 4 / 5 : e2fsprogs (RHSA-2008:0003)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated e2fsprogs packages that fix several security issues are now
    available for Red Hat Enterprise Linux.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The e2fsprogs packages contain a number of utilities for creating,
    checking, modifying, and correcting any inconsistencies in second and
    third extended (ext2/ext3) file systems.
    
    Multiple integer overflow flaws were found in the way e2fsprogs
    processes file system content. If a victim opens a carefully crafted
    file system with a program using e2fsprogs, it may be possible to
    execute arbitrary code with the permissions of the victim. It may be
    possible to leverage this flaw in a virtualized environment to gain
    access to other virtualized hosts. (CVE-2007-5497)
    
    Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research
    for responsibly disclosing these issues.
    
    Users of e2fsprogs are advised to upgrade to these updated packages,
    which contain a backported patch to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0003"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected e2fsprogs, e2fsprogs-devel and / or e2fsprogs-libs
    packages."
      );
      # NOTE(review): the base vector scores only partial confidentiality and
      # integrity impact and no availability impact (C:P/I:P/A:N), although the
      # description above speaks of arbitrary code execution and of reaching
      # other virtualized hosts. Weigh the advisory text, not just the score,
      # on hosts that process untrusted filesystem images.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-189 is the "Numeric Errors" category.
      script_cwe_id(189);
    
      # Declared as a local check: the body below works from data already
      # stored in the KB rather than probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:e2fsprogs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:e2fsprogs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:e2fsprogs-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");
    
      # About a month lies between public disclosure and the vendor patch.
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # KB keys the check body reads; all four are declared as required.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host check for RHEL 2.1 / 3 / 4 / 5. Everything here works from KB items
    # collected earlier (release string, CPU, yum updateinfo, RPM list).
    # Each audit() call below reports why the host is out of scope.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture the release number as "major" or "major.minor".
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Only the release lines covered by the advisory are accepted.
    if (! preg(pattern:"^(2\.1|3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Supported architectures: x86_64, i386..i686 and anything containing "s390".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Preferred path: when the KB holds yum updateinfo output, the report is
    # built from it for this advisory and the per-package comparisons in the
    # else-branch further down are not run at all.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0003";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # No report for this advisory: the host is audited as not affected.
        # NOTE(review): this result rests on the host's own yum metadata;
        # presumably a stale updateinfo cache would also end up here, so
        # confirm with the RPM list when the answer matters.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fallback path: compare the cached RPM list with the fixed build for
      # each release; every hit from rpm_check is counted in `flag`.
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"e2fsprogs-1.26-1.73")) flag++;
    
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"e2fsprogs-devel-1.26-1.73")) flag++;
    
    
      if (rpm_check(release:"RHEL3", reference:"e2fsprogs-1.32-15.4")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"e2fsprogs-devel-1.32-15.4")) flag++;
    
    
      if (rpm_check(release:"RHEL4", reference:"e2fsprogs-1.35-12.11.el4_6.1")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"e2fsprogs-devel-1.35-12.11.el4_6.1")) flag++;
    
    
      # On RHEL5 the base package is checked per architecture, while -devel
      # and -libs are checked without a cpu filter.
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"e2fsprogs-1.39-10.el5_1.1")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"e2fsprogs-1.39-10.el5_1.1")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"e2fsprogs-1.39-10.el5_1.1")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"e2fsprogs-devel-1.39-10.el5_1.1")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"e2fsprogs-libs-1.39-10.el5_1.1")) flag++;
    
    
      if (flag)
      {
        # At least one package was flagged: report it, with the package
        # report and the Red Hat package caveat text attached.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Nothing flagged: say whether packages were tested and found
        # current, or whether none of them is installed.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "e2fsprogs / e2fsprogs-devel / e2fsprogs-libs");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080107_E2FSPROGS_ON_SL5_X.NASL
    descriptionMultiple integer overflow flaws were found in the way e2fsprogs processes file system content. If a victim opens a carefully crafted file system with a program using e2fsprogs, it may be possible to execute arbitrary code with the permissions of the victim. It may be possible to leverage this flaw in a virtualized environment to gain access to other virtualized hosts. (CVE-2007-5497)
    last seen2020-06-01
    modified2020-06-02
    plugin id60340
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60340
    titleScientific Linux Security Update : e2fsprogs on SL5.x, SL4.x, SL3.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # the metadata below and then exits (exit(0) at the end of this block),
    # so none of the host checks further down run in this mode.
    if (description)
    {
      script_id(60340);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      # Only the CVE is cross-referenced; this plugin declares no Bugtraq id
      # or advisory xref.
      script_cve_id("CVE-2007-5497");
    
      script_name(english:"Scientific Linux Security Update : e2fsprogs on SL5.x, SL4.x, SL3.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple integer overflow flaws were found in the way e2fsprogs
    processes file system content. If a victim opens a carefully crafted
    file system with a program using e2fsprogs, it may be possible to
    execute arbitrary code with the permissions of the victim. It may be
    possible to leverage this flaw in a virtualized environment to gain
    access to other virtualized hosts. (CVE-2007-5497)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0801&L=scientific-linux-errata&T=0&P=78
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cc502800"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected e2fsprogs, e2fsprogs-devel and / or e2fsprogs-libs
    packages."
      );
      # NOTE(review): the base vector scores only partial confidentiality and
      # integrity impact and no availability impact (C:P/I:P/A:N), although the
      # description above speaks of arbitrary code execution. No temporal
      # vector or exploit-availability attribute is set in this plugin.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      # CWE-189 is the "Numeric Errors" category.
      script_cwe_id(189);
    
      # Declared as a local check: the body below works from data already
      # stored in the KB rather than probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      # The plugin was published more than four years after the patch date.
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # KB keys the check body reads; all four are declared as required.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
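    # Host check for Scientific Linux 3 / 4 / 5. Everything here works from KB
    # items collected earlier (release string, CPU, RPM list). The release
    # number is not parsed here; the per-release selection is left to the
    # release: argument of rpm_check.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # `a >!< b` is true when a is NOT a substring of b, so the literal belongs
    # on the left: the question is whether "x86_64" occurs in the reported CPU
    # string. With the operands reversed, any fragment of "x86_64" (for
    # example "x86") would have been accepted as a supported architecture, and
    # a longer CPU string that contains "x86_64" would have been rejected.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


    # Compare the cached RPM list with the fixed build for each release;
    # every hit from rpm_check is counted in `flag`.
    flag = 0;
    if (rpm_check(release:"SL3", reference:"e2fsprogs-1.32-15.4")) flag++;
    if (rpm_check(release:"SL3", reference:"e2fsprogs-devel-1.32-15.4")) flag++;

    # NOTE(review): on SL4 the x86_64 references end in "el4.1" while the i386
    # ones end in "el4_6.1" - confirm both against the Scientific Linux
    # advisory, because a wrong reference build skews the comparison.
    if (rpm_check(release:"SL4", cpu:"i386", reference:"e2fsprogs-1.35-12.11.el4_6.1")) flag++;
    if (rpm_check(release:"SL4", cpu:"x86_64", reference:"e2fsprogs-1.35-12.11.el4.1")) flag++;
    if (rpm_check(release:"SL4", cpu:"i386", reference:"e2fsprogs-devel-1.35-12.11.el4_6.1")) flag++;
    if (rpm_check(release:"SL4", cpu:"x86_64", reference:"e2fsprogs-devel-1.35-12.11.el4.1")) flag++;

    if (rpm_check(release:"SL5", reference:"e2fsprogs-1.39-10.el5_1.1")) flag++;
    if (rpm_check(release:"SL5", reference:"e2fsprogs-devel-1.39-10.el5_1.1")) flag++;
    if (rpm_check(release:"SL5", reference:"e2fsprogs-libs-1.39-10.el5_1.1")) flag++;


    if (flag)
    {
      # At least one package was flagged: raise a warning, with the package
      # report attached when verbosity allows it.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    # Nothing flagged. This audit does not say whether the packages were
    # tested and current or simply not installed.
    else audit(AUDIT_HOST_NOT, "affected");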
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0003.NASL
    descriptionFrom Red Hat Security Advisory 2008:0003 : Updated e2fsprogs packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The e2fsprogs packages contain a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second and third extended (ext2/ext3) file systems. Multiple integer overflow flaws were found in the way e2fsprogs processes file system content. If a victim opens a carefully crafted file system with a program using e2fsprogs, it may be possible to execute arbitrary code with the permissions of the victim. It may be possible to leverage this flaw in a virtualized environment to gain access to other virtualized hosts. (CVE-2007-5497) Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues. Users of e2fsprogs are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67630
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67630
    titleOracle Linux 3 / 4 / 5 : e2fsprogs (ELSA-2008-0003)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0003 and 
    # Oracle Linux Security Advisory ELSA-2008-0003 respectively.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # the metadata below and then exits (exit(0) at the end of this block),
    # so none of the host checks further down run in this mode.
    if (description)
    {
      script_id(67630);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      # The advisory xref is the upstream RHSA; the ELSA id appears only in
      # the plugin name below.
      script_cve_id("CVE-2007-5497");
      script_bugtraq_id(26772);
      script_xref(name:"RHSA", value:"2008:0003");
    
      script_name(english:"Oracle Linux 3 / 4 / 5 : e2fsprogs (ELSA-2008-0003)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0003 :
    
    Updated e2fsprogs packages that fix several security issues are now
    available for Red Hat Enterprise Linux.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The e2fsprogs packages contain a number of utilities for creating,
    checking, modifying, and correcting any inconsistencies in second and
    third extended (ext2/ext3) file systems.
    
    Multiple integer overflow flaws were found in the way e2fsprogs
    processes file system content. If a victim opens a carefully crafted
    file system with a program using e2fsprogs, it may be possible to
    execute arbitrary code with the permissions of the victim. It may be
    possible to leverage this flaw in a virtualized environment to gain
    access to other virtualized hosts. (CVE-2007-5497)
    
    Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research
    for responsibly disclosing these issues.
    
    Users of e2fsprogs are advised to upgrade to these updated packages,
    which contain a backported patch to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-January/000470.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-January/000472.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-January/000473.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected e2fsprogs packages."
      );
      # NOTE(review): the base vector scores only partial confidentiality and
      # integrity impact and no availability impact (C:P/I:P/A:N), although the
      # description above speaks of arbitrary code execution and of reaching
      # other virtualized hosts. Weigh the advisory text, not just the score,
      # on hosts that process untrusted filesystem images.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-189 is the "Numeric Errors" category.
      script_cwe_id(189);
    
      # Declared as a local check: the body below works from data already
      # stored in the KB rather than probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:e2fsprogs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:e2fsprogs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:e2fsprogs-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      # The plugin was published more than five years after the patch date.
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # KB keys the check depends on. NOTE(review): the check body also reads
      # "Host/cpu", which is not listed here; a missing value is handled there
      # with an explicit audit instead.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host check for Oracle Linux 3 / 4 / 5. Everything here works from KB
    # items collected earlier (OS marker, release string, CPU, RPM list).
    # This is a package-version comparison only: copies of libext2fs that are
    # not tracked in the RPM list are presumably invisible to it.

    # Gate 1: local checks enabled and the host marked as Oracle Linux.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/OracleLinux"))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }

    # Gate 2: the release string must match either product name and carry a
    # release number ("major" or "major.minor") of 3, 4 or 5.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }
    ver_match = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(ver_match))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    }
    os_ver = ver_match[1];
    if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4 / 5", "Oracle Linux " + os_ver);
    }

    # Gate 3: without a cached package list there is nothing to compare.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Gate 4: only x86_64, ia64 and i386..i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!(("x86_64" >< cpu) || ("ia64" >< cpu) || (cpu =~ "^i[3-6]86$")))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    }

    # Compare the cached RPM list with the fixed build for each release;
    # every hit from rpm_check is counted in `flag`. EL3 and EL4 are checked
    # per architecture (i386 first, then x86_64, for each package); EL5 is
    # checked without a cpu filter.
    flag = 0;
    el_cpus = make_list("i386", "x86_64");

    foreach fixed_pkg (make_list("e2fsprogs-1.32-15.4", "e2fsprogs-devel-1.32-15.4"))
    {
      foreach el_cpu (el_cpus)
      {
        if (rpm_check(release:"EL3", cpu:el_cpu, reference:fixed_pkg)) flag++;
      }
    }

    foreach fixed_pkg (make_list("e2fsprogs-1.35-12.11.el4_6.1", "e2fsprogs-devel-1.35-12.11.el4_6.1"))
    {
      foreach el_cpu (el_cpus)
      {
        if (rpm_check(release:"EL4", cpu:el_cpu, reference:fixed_pkg)) flag++;
      }
    }

    foreach fixed_pkg (make_list("e2fsprogs-1.39-10.el5_1.1", "e2fsprogs-devel-1.39-10.el5_1.1", "e2fsprogs-libs-1.39-10.el5_1.1"))
    {
      if (rpm_check(release:"EL5", reference:fixed_pkg)) flag++;
    }

    if (!flag)
    {
      # Nothing flagged: say whether packages were tested and found current,
      # or whether none of them is installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "e2fsprogs / e2fsprogs-devel / e2fsprogs-libs");
    }
    else
    {
      # At least one package was flagged: raise a warning, with the package
      # report attached when verbosity allows it.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200712-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200712-13 (E2fsprogs: Multiple buffer overflows) Rafal Wojtczuk (McAfee AVERT Research) discovered multiple integer overflows in libext2fs, that are triggered when processing information from within the file system, resulting in heap-based buffer overflows. Impact : An attacker could entice a user to process a specially crafted ext2 or ext3 file system image (with tools linking against libext2fs, e.g. fsck, forensic tools or Xen
    last seen2020-06-01
    modified2020-06-02
    plugin id29733
    published2007-12-19
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29733
    titleGLSA-200712-13 : E2fsprogs: Multiple buffer overflows
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_11997.NASL
    descriptionThis update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
    last seen2020-06-01
    modified2020-06-02
    plugin id41168
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41168
    titleSuSE9 Security Update : e2fsprogs (YOU Patch Number 11997)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_E2FSPROGS-4739.NASL
    descriptionThis update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
    last seen2020-06-01
    modified2020-06-02
    plugin id29243
    published2007-12-07
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29243
    titleopenSUSE 10 Security Update : e2fsprogs (e2fsprogs-4739)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0003.NASL
    descriptionUpdated e2fsprogs packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The e2fsprogs packages contain a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second and third extended (ext2/ext3) file systems. Multiple integer overflow flaws were found in the way e2fsprogs processes file system content. If a victim opens a carefully crafted file system with a program using e2fsprogs, it may be possible to execute arbitrary code with the permissions of the victim. It may be possible to leverage this flaw in a virtualized environment to gain access to other virtualized hosts. (CVE-2007-5497) Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues. Users of e2fsprogs are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29901
    published2008-01-10
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29901
    titleCentOS 3 / 4 / 5 : e2fsprogs (CESA-2008:0003)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_299E3F81AEE711DCB7810016179B2DD5.NASL
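    descriptionTheodore Y. Ts'o [the rest of this description was cut off at the apostrophe during extraction; see the source plugin page for the full text]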
    last seen2020-06-01
    modified2020-06-02
    plugin id29769
    published2007-12-24
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29769
    titleFreeBSD : e2fsprogs -- heap buffer overflow (299e3f81-aee7-11dc-b781-0016179b2dd5)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_E2FSPROGS-4743.NASL
    descriptionThis update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
    last seen2020-06-01
    modified2020-06-02
    plugin id29415
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29415
    titleSuSE 10 Security Update : e2fsprogs (ZYPP Patch Number 4743)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12019.NASL
    descriptionThis update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
    last seen2020-06-01
    modified2020-06-02
    plugin id41177
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41177
    titleSuSE9 Security Update : e2fsprogs (YOU Patch Number 12019)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-4447.NASL
    descriptionThis update fixes : - Bug #414581 - CVE-2007-5497 e2fsprogs multiple integer overflows [F8] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id30025
    published2008-01-21
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30025
    titleFedora 8 : e2fsprogs-1.40.2-12.fc8 (2007-4447)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-555-1.NASL
    descriptionRafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id29305
    published2007-12-11
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29305
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : e2fsprogs vulnerability (USN-555-1)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-0004.NASL
    descriptionUpdated e2fsprogs package addresses multiple integer overflow flaws. Thanks to Rafal Wojtczuk of McAfee Avert Research for identifying and reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5497 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id40375
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40375
    titleVMSA-2008-0004 : Low: Updated e2fsprogs service console package
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-242.NASL
    descriptionRafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These flaws could result in heap-based overflows potentially allowing for the execution of arbitrary code. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29299
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29299
    titleMandrake Linux Security Advisory : e2fsprogs (MDKSA-2007:242)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1422.NASL
    descriptionRafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, the ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id29257
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29257
    titleDebian DSA-1422-1 : e2fsprogs - integer overflows

Oval

accepted2013-04-29T04:05:20.112-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMultiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
familyunix
idoval:org.mitre.oval:def:10399
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
version27

Redhat

advisories
bugzilla
id403441
titleCVE-2007-5497 e2fsprogs multiple integer overflows
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commente2fsprogs is earlier than 0:1.35-12.11.el4_6.1
          ovaloval:com.redhat.rhsa:tst:20080003001
        • commente2fsprogs is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080003002
      • AND
        • commente2fsprogs-devel is earlier than 0:1.35-12.11.el4_6.1
          ovaloval:com.redhat.rhsa:tst:20080003003
        • commente2fsprogs-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080003004
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commente2fsprogs is earlier than 0:1.39-10.el5_1.1
          ovaloval:com.redhat.rhsa:tst:20080003006
        • commente2fsprogs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080003007
      • AND
        • commente2fsprogs-libs is earlier than 0:1.39-10.el5_1.1
          ovaloval:com.redhat.rhsa:tst:20080003008
        • commente2fsprogs-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080003009
      • AND
        • commente2fsprogs-devel is earlier than 0:1.39-10.el5_1.1
          ovaloval:com.redhat.rhsa:tst:20080003010
        • commente2fsprogs-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080003011
rhsa
idRHSA-2008:0003
released2008-01-07
severityModerate
titleRHSA-2008:0003: e2fsprogs security update (Moderate)
rpms
  • e2fsprogs-0:1.26-1.73
  • e2fsprogs-0:1.32-15.4
  • e2fsprogs-0:1.35-12.11.el4_6.1
  • e2fsprogs-0:1.39-10.el5_1.1
  • e2fsprogs-debuginfo-0:1.32-15.4
  • e2fsprogs-debuginfo-0:1.35-12.11.el4_6.1
  • e2fsprogs-debuginfo-0:1.39-10.el5_1.1
  • e2fsprogs-devel-0:1.26-1.73
  • e2fsprogs-devel-0:1.32-15.4
  • e2fsprogs-devel-0:1.35-12.11.el4_6.1
  • e2fsprogs-devel-0:1.39-10.el5_1.1
  • e2fsprogs-libs-0:1.39-10.el5_1.1

References