CVE-2015-0247

Related Files

Gentoo Linux Security Advisory 201701-06

Posted Jan 2, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-6 - A heap-based buffer overflow in e2fsprogs might allow local attackers to execute arbitrary code. Versions less than 1.42.12 are affected.

tags | advisory, overflow, arbitrary, local

systems | linux, gentoo

advisories | CVE-2015-0247

SHA-256 | 919936e2e33fe436a07cfd1d0c188158eebbb91c508c476c9af0336c9521bd29

Download | Favorite | View

Mandriva Linux Security Advisory 2015-067

Posted Mar 27, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-067 - The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability. This is due to an incomplete fix for CVE-2015-0247.

tags | advisory, overflow

systems | linux, mandriva

advisories | CVE-2015-0247, CVE-2015-1572

SHA-256 | 38751e11c91900e9c0695d3bf4ae0f4e529f2ae00cfb6443d6a315145ac890e0

Download | Favorite | View

Ubuntu Security Notice USN-2507-1

Posted Feb 24, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2507-1 - Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code.

tags | advisory, arbitrary, local

systems | linux, ubuntu

advisories | CVE-2015-0247, CVE-2015-1572

SHA-256 | 3de6d17500b7985ce0d6caf535a214a5195595178af020699e992b99fc08fd87

Download | Favorite | View

Debian Security Advisory 3166-1

Posted Feb 23, 2015

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3166-1 - Jose Duart of the Google Security Team discovered a buffer overflow in in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.

tags | advisory, overflow, arbitrary, code execution

systems | linux, debian

advisories | CVE-2015-0247, CVE-2015-1572

SHA-256 | 27227b3cac633bfc9c19baddb259253c2a9c639b7ddd345fada9860a5f161b0c

Download | Favorite | View

Mandriva Linux Security Advisory 2015-045

Posted Feb 12, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-045 - The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability.

tags | advisory, overflow

systems | linux, mandriva

advisories | CVE-2015-0247

SHA-256 | afbd08dd885b278be82cc4c96d75245e87201d6fbcf427b723ce8ce64f54f3c9

Download | Favorite | View

e2fsprogs Input Sanitization

Posted Feb 6, 2015

Authored by Andrea Barisani, Open Source CERT

The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesytems. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability. Versions prior to 1.42.12 are affected.

tags | advisory, overflow

advisories | CVE-2015-0247

SHA-256 | f36fd29dba36b61b27140d5e0db103cf8b564838924976443f54919358a022f8

Download | Favorite | View