CVE-2019-5188 - Out-of-bounds Write vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, e2fsprogs-project, fedoraproject, debian, canonical, opensuse, netapp, CWE-787, nessus
Summary
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0265-1.NASL
description:
  This update for e2fsprogs fixes the following issues :
  CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133394
published: 2020-01-31
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133394
title: SUSE SLED15 / SLES15 Security Update : e2fsprogs (SUSE-SU-2020:0265-1)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0265-1.
    # The text itself is copyright (C) SUSE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(133394);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/04");

      script_cve_id("CVE-2019-5188");

      script_name(english:"SUSE SLED15 / SLES15 Security Update : e2fsprogs (SUSE-SU-2020:0265-1)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for e2fsprogs fixes the following issues :

    CVE-2019-5188: Fixed a code execution vulnerability in the directory
    rehashing functionality (bsc#1160571).

    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1160571"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-5188/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200265-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3f26c242"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.

    Alternatively you can run the command listed for your product :

    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 :
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-265=1

    SUSE Linux Enterprise Module for Basesystem 15-SP1 :
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-265=1

    SUSE Linux Enterprise Module for Basesystem 15 :
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-265=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:e2fsprogs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:e2fsprogs-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:e2fsprogs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:e2fsprogs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:e2fsprogs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcom_err-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcom_err-devel-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcom_err2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcom_err2-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcom_err2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libext2fs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libext2fs-devel-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libext2fs2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libext2fs2-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libext2fs2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp);

    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"e2fsprogs-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"e2fsprogs-debugsource-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libcom_err-devel-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libext2fs-devel-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libext2fs2-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libext2fs2-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"e2fsprogs-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libcom_err2-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libcom_err2-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"e2fsprogs-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"e2fsprogs-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"e2fsprogs-debugsource-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"e2fsprogs-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libcom_err-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libcom_err-devel-static-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libcom_err2-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libcom_err2-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libext2fs-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libext2fs-devel-static-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libext2fs2-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libext2fs2-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"e2fsprogs-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libcom_err2-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libcom_err2-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"e2fsprogs-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"e2fsprogs-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"e2fsprogs-debugsource-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"e2fsprogs-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libcom_err-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libcom_err-devel-static-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libcom_err2-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libcom_err2-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libext2fs-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libext2fs-devel-static-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libext2fs2-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libext2fs2-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"e2fsprogs-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"e2fsprogs-debugsource-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libcom_err-devel-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libext2fs-devel-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libext2fs2-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libext2fs2-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"e2fsprogs-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libcom_err2-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libcom_err2-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"e2fsprogs-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"e2fsprogs-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"e2fsprogs-debugsource-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"e2fsprogs-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libcom_err-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libcom_err-devel-static-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libcom_err2-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libcom_err2-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libext2fs-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libext2fs-devel-static-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libext2fs2-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libext2fs2-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"e2fsprogs-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libcom_err2-32bit-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libcom_err2-32bit-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"e2fsprogs-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"e2fsprogs-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"e2fsprogs-debugsource-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"e2fsprogs-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libcom_err-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libcom_err-devel-static-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libcom_err2-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libcom_err2-debuginfo-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libext2fs-devel-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libext2fs-devel-static-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libext2fs2-1.43.8-4.17.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libext2fs2-debuginfo-1.43.8-4.17.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "e2fsprogs");
    }

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2020-A724CC7926.NASL
description:
  Fixes
  -----
  A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck. (Addresses CVE-2019-5094)
  E2fsck now checks to make sure the casefold flag is only set on directories, and only when the casefold feature is enabled.
  E2fsck will not disable the low dtime checks when using a backup superblock where the last mount time is zero. This fixes a failure in xfstests ext4/007.
  Fix e2fsck so that when it needs to recreate the root directory, the quota counts are correctly updated.
  Fix e2scrub_all cron script so it checks to make sure e2scrub_all exists, since the crontab and cron script might stick around after the e2fsprogs package is removed. (Addresses Debian Bug: #932622)
  Fix e2scrub_all so that it works when the free space is exactly the snapshot size. (Addresses Debian Bug: #935009)
  Avoid spurious lvm warnings when e2scrub_all is run out of cron on non-systemd systems (Addresses Debian Bug: #940240)
  Update the man pages to document the new fsverity feature, and improve the documentation for the casefold and encrypt features.
  E2fsck will no longer force a full file system check if time-based forced checks are disabled and the last mount time or last write time in the superblock are in the future.
  Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188)
  Fixed spurious weekly e-mails when e2scrub_all is run via a cron job on non-systemd systems. (Addresses Debian Bug: #944033)
  Remove an unnecessary sleep in e2scrub which could add up to an additional two second delay during the boot up. Also, avoid trying to reap aborted snapshots if it has been disabled via e2scrub.conf. (Addresses Debian Bug: #948193)
  If a mischievous system administrator mounts a pseudo-file system such as tmpfs with a device name that duplicates another mounted file system, this could potentially confuse resize2fs when it needs to find the mount point of a mounted file system. (Who would have guessed?) Add some sanity checking so that we can make libext2fs more robust against such insanity, at least on Linux. (GNU HURD doesn
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133117
published: 2020-01-21
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133117
title: Fedora 31 : e2fsprogs (2020-a724cc7926)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory FEDORA-2020-a724cc7926.
    #

    include("compat.inc");

    if (description)
    {
      script_id(133117);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/23");

      script_cve_id("CVE-2019-5094", "CVE-2019-5188");
      script_xref(name:"FEDORA", value:"2020-a724cc7926");

      script_name(english:"Fedora 31 : e2fsprogs (2020-a724cc7926)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Fixes
    -----
    A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck. (Addresses CVE-2019-5094)
    E2fsck now checks to make sure the casefold flag is only set on directories, and only when the casefold feature is enabled.
    E2fsck will not disable the low dtime checks when using a backup superblock where the last mount time is zero. This fixes a failure in xfstests ext4/007.
    Fix e2fsck so that when it needs to recreate the root directory, the quota counts are correctly updated.
    Fix e2scrub_all cron script so it checks to make sure e2scrub_all exists, since the crontab and cron script might stick around after the e2fsprogs package is removed. (Addresses Debian Bug: #932622)
    Fix e2scrub_all so that it works when the free space is exactly the snapshot size. (Addresses Debian Bug: #935009)
    Avoid spurious lvm warnings when e2scrub_all is run out of cron on non-systemd systems (Addresses Debian Bug: #940240)
    Update the man pages to document the new fsverity feature, and improve the documentation for the casefold and encrypt features.
    E2fsck will no longer force a full file system check if time-based forced checks are disabled and the last mount time or last write time in the superblock are in the future.
    Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188)
    Fixed spurious weekly e-mails when e2scrub_all is run via a cron job on non-systemd systems. (Addresses Debian Bug: #944033)
    Remove an unnecessary sleep in e2scrub which could add up to an additional two second delay during the boot up. Also, avoid trying to reap aborted snapshots if it has been disabled via e2scrub.conf. (Addresses Debian Bug: #948193)
    If a mischievous system administrator mounts a pseudo-file system such as tmpfs with a device name that duplicates another mounted file system, this could potentially confuse resize2fs when it needs to find the mount point of a mounted file system. (Who would have guessed?) Add some sanity checking so that we can make libext2fs more robust against such insanity, at least on Linux. (GNU HURD doesn't support st_rdev.)
    Tune2fs now prohibits enabling or disabling uninit_bg if the file system is mounted, since this could result in the file system getting corrupted, and there is an unfortunate AskUbuntu article suggesting this as a way to modify a file system's UUID on a live file system. (Ext4 now has a way to do this safely, using the metadata_csum_seed feature, which was added in the 4.4 Linux kernel.)
    Fix potential crash in e2fsck when rebuilding very large directories on file systems which have the new large_dir feature enable.
    Fix support of 32-bit uid's and gid's in fuse2fs and in mke2fs -d.
    Fix mke2fs's setting bad blocks to bigalloc file systems.
    Fix a bug where fuse2fs would incorrectly report the i_blocks fields for bigalloc file systems.
    Resize2fs's minimum size estimates (via resize2fs -M) estimates are now more accurate when run on mounted file systems.
    Fixed potential memory leak in read_bitmap() in libext2fs.
    Fixed various UBsan failures found when fuzzing file system images. (Addresses Google Bug: #128130353)
    Updated and clarified various man pages.

    Performance, Internal Implementation, Development Support etc.
    --------------------------------------------------------------
    Fixed various debian packaging issues. (Addresses Debian Bug: #933247, #932874, #932876, #932855, #932859, #932861, #932881, #932888)
    Fix false positive test failure in f_pre_1970_date_encoding on 32-bit systems with a 64-bit time_t. (Addresses Debian Bug: #932906)
    Fixed various compiler warnings. (Addresses Google Bug #118836063)
    Update the Czech, Dutch, French, German, Malay, Polish, Portuguese, Spanish, Swedish, Ukrainian, and Vietnamese translations from the Translation Project.
    Speed up e2fsck on file systems with a very large number of inodes caused by repeated calls to gettext().
    The inode_io io_manager can now support files which are greater than 2GB.
    The ext2_off_t and ext2_off64_t are now signed types so that ext2fs_file_lseek() and ext2fs_file_llseek() can work correctly.
    Reserve codepoint for the fast_commit feature.
    Fixed various Debian packaging issues.
    Fix portability problems for Illumous and on hurd/i386 (Addresses Debian Bug: #944649)
    Always compile the ext2fs_swap_* functions even on little-endian architectures, so that debian/libext2fs.symbols can be consistent across architectures.
    Synchronized changes from Android's AOSP e2fsprogs tree.
    Updated config.guess and config.sub with newer versions from the FSF.
    Update the Chinese and Malay translations from the translation project.

    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a724cc7926"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected e2fsprogs package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:e2fsprogs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");

      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC31", reference:"e2fsprogs-1.45.5-1.fc31")) flag++;

    if (flag)
    {
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "e2fsprogs");
    }

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0360-1.NASL
description:
  This update for e2fsprogs fixes the following issues :
  CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133598
published: 2020-02-10
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133598
title: SUSE SLED12 / SLES12 Security Update : e2fsprogs (SUSE-SU-2020:0360-1)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0360-1.
    # The text itself is copyright (C) SUSE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(133598);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/12");

      script_cve_id("CVE-2019-5188");

      script_name(english:"SUSE SLED12 / SLES12 Security Update : e2fsprogs (SUSE-SU-2020:0360-1)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for e2fsprogs fixes the following issues :

    CVE-2019-5188: Fixed a code execution vulnerability in the directory
    rehashing functionality (bsc#1160571).

    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1160571"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-5188/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200360-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9ee28e4e"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.

    Alternatively you can run the command listed for your product :

    SUSE Linux Enterprise Software Development Kit 12-SP5 :
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-360=1

    SUSE Linux Enterprise Software Development Kit 12-SP4 :
    zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-360=1

    SUSE Linux Enterprise Server 12-SP5 :
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-360=1

    SUSE Linux Enterprise Server 12-SP4 :
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-360=1

    SUSE Linux Enterprise Desktop 12-SP4 :
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-360=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:e2fsprogs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:e2fsprogs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:e2fsprogs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcom_err2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcom_err2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libext2fs2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libext2fs2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4/5", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);

    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", reference:"e2fsprogs-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"e2fsprogs-debuginfo-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"e2fsprogs-debugsource-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libcom_err2-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libcom_err2-debuginfo-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libext2fs2-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libext2fs2-debuginfo-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"e2fsprogs-debuginfo-32bit-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libcom_err2-32bit-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libcom_err2-debuginfo-32bit-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"e2fsprogs-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"e2fsprogs-debuginfo-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"e2fsprogs-debugsource-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libcom_err2-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libcom_err2-debuginfo-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libext2fs2-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libext2fs2-debuginfo-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"e2fsprogs-debuginfo-32bit-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libcom_err2-32bit-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libcom_err2-debuginfo-32bit-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"e2fsprogs-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"e2fsprogs-debuginfo-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"e2fsprogs-debuginfo-32bit-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"e2fsprogs-debugsource-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libcom_err2-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libcom_err2-32bit-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libcom_err2-debuginfo-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libcom_err2-debuginfo-32bit-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libext2fs2-1.43.8-3.11.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libext2fs2-debuginfo-1.43.8-3.11.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "e2fsprogs");
    }


NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2020-1347.NASL
description According to the versions of the e2fsprogs packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
- An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.(CVE-2019-5094)
- A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.(CVE-2019-5188)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-04-07
modified 2020-04-02
plugin id 135134
published 2020-04-02
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/135134
title EulerOS Virtualization for ARM 64 3.0.6.0 : e2fsprogs (EulerOS-SA-2020-1347)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(135134);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06");

  script_cve_id(
    "CVE-2019-5094",
    "CVE-2019-5188"
  );

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : e2fsprogs (EulerOS-SA-2020-1347)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the e2fsprogs packages installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerabilities :

  - An exploitable code execution vulnerability exists in
    the quota file functionality of E2fsprogs 1.45.3. A
    specially crafted ext4 partition can cause an
    out-of-bounds write on the heap, resulting in code
    execution. An attacker can corrupt a partition to
    trigger this vulnerability.(CVE-2019-5094)

  - A code execution vulnerability exists in the directory
    rehashing functionality of E2fsprogs e2fsck 1.45.4. A
    specially crafted ext4 directory can cause an
    out-of-bounds write on the stack, resulting in code
    execution. An attacker can corrupt a partition to
    trigger this vulnerability.(CVE-2019-5188)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1347
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d21ffebe");
  script_set_attribute(attribute:"solution", value:
"Update the affected e2fsprogs packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:e2fsprogs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:e2fsprogs-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcom_err");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcom_err-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libss");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["e2fsprogs-1.44.3-1.h5.eulerosv2r8",
        "e2fsprogs-libs-1.44.3-1.h5.eulerosv2r8",
        "libcom_err-1.44.3-1.h5.eulerosv2r8",
        "libcom_err-devel-1.44.3-1.h5.eulerosv2r8",
        "libss-1.44.3-1.h5.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "e2fsprogs");
}

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2020-1_0-0268_E2FSPROGS.NASL
description An update of the e2fsprogs package has been released.
last seen 2020-06-01
modified 2020-06-02
plugin id 133469
published 2020-02-04
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/133469
title Photon OS 1.0: E2Fsprogs PHSA-2020-1.0-0268
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2020-1.0-0268. The text
# itself is copyright (C) VMware, Inc.

include('compat.inc');

if (description)
{
  script_id(133469);
  script_version("1.2");
  script_cvs_date("Date: 2020/02/05");

  script_cve_id("CVE-2019-5188");

  script_name(english:"Photon OS 1.0: E2Fsprogs PHSA-2020-1.0-0268");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the e2fsprogs package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-268.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5188");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:e2fsprogs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"e2fsprogs-1.42.13-5.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"e2fsprogs-debuginfo-1.42.13-5.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"e2fsprogs-devel-1.42.13-5.ph1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "e2fsprogs");
}

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2020-1379.NASL
description According to the version of the e2fsprogs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.(CVE-2019-5188)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-06
modified 2020-04-15
plugin id 135508
published 2020-04-15
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/135508
title EulerOS 2.0 SP3 : e2fsprogs (EulerOS-SA-2020-1379)

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-4249-1.NASL
description It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 133225
published 2020-01-24
reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/133225
title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : e2fsprogs vulnerability (USN-4249-1)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2020-1287.NASL
description According to the versions of the e2fsprogs packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.(CVE-2019-5188)
- An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.(CVE-2019-5094)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-03
modified 2020-03-23
plugin id 134779
published 2020-03-23
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/134779
title EulerOS 2.0 SP8 : e2fsprogs (EulerOS-SA-2020-1287)

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2020-3_0-0053_E2FSPROGS.NASL
description An update of the e2fsprogs package has been released.
last seen 2020-06-01
modified 2020-06-02
plugin id 133468
published 2020-02-04
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/133468
title Photon OS 3.0: E2Fsprogs PHSA-2020-3.0-0053

NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_8B61308B322A11EAB34B1DE6FB24355D.NASL
description Lilith of Cisco Talos reports : A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Theodore Y. Ts
last seen 2020-06-01
modified 2020-06-02
plugin id 132793
published 2020-01-13
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/132793
title FreeBSD : e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability (8b61308b-322a-11ea-b34b-1de6fb24355d)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2020-1098.NASL
description According to the version of the e2fsprogs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.(CVE-2019-5188)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-06
modified 2020-02-24
plugin id 133899
published 2020-02-24
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/133899
title EulerOS 2.0 SP5 : e2fsprogs (EulerOS-SA-2020-1098)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2020-1515.NASL
description According to the versions of the e2fsprogs packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
- An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.(CVE-2019-5094)
- A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.(CVE-2019-5188)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-08
modified 2020-05-01
plugin id 136218
published 2020-05-01
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/136218
title EulerOS Virtualization for ARM 64 3.0.2.0 : e2fsprogs (EulerOS-SA-2020-1515)

NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-2156.NASL
description An issue has been found in e2fsprogs, a package that contains ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. For Debian 8
last seen 2020-03-28
modified 2020-03-25
plugin id 134880
published 2020-03-25
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/134880
title Debian DLA-2156-1 : e2fsprogs security update

NASL family Fedora Local Security Checks
NASL id FEDORA_2020-01ED02451F.NASL
description Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188) A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck. (Addresses CVE-2019-5094) Fix potential use after free in calculate_tree() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 133420
published 2020-02-03
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/133420
title Fedora 30 : e2fsprogs (2020-01ed02451f)

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2020-166.NASL
description This update for e2fsprogs fixes the following issues :
- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).
This update was imported from the SUSE:SLE-15:Update update project.
last seen 2020-06-01
modified 2020-06-02
plugin id 133492
published 2020-02-05
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/133492
title openSUSE Security Update : e2fsprogs (openSUSE-2020-166)

Talos
id | TALOS-2019-0973 |
last seen | 2020-01-23 |
published | 2020-01-07 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0973 |
title | E2fsprogs e2fsck rehash.c mutate_name() Code Execution Vulnerability |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
- https://usn.ubuntu.com/4249-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html
- https://security.netapp.com/advisory/ntap-20220506-0001/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/