Executive Summary
Summary | |
---|---|
Title | E2fsprogs: Multiple buffer overflows |
Informations | |||
---|---|---|---|
Name | GLSA-200712-13 | First vendor Publication | 2007-12-18 |
Vendor | Gentoo | Last vendor Modification | 2007-12-18 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple heap-based buffer overflows in E2fsprogs could result in the execution of arbitrary code. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-200712-13.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200712-13.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10399 | |||
Oval ID: | oval:org.mitre.oval:def:10399 | ||
Title: | Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. | ||
Description: | Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5497 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17552 | |||
Oval ID: | oval:org.mitre.oval:def:17552 | ||
Title: | USN-555-1 -- e2fsprogs vulnerability | ||
Description: | Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-555-1 CVE-2007-5497 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | e2fsprogs |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17679 | |||
Oval ID: | oval:org.mitre.oval:def:17679 | ||
Title: | USN-557-1 -- libgd2 vulnerability | ||
Description: | Mattias Bengtsson and Philip Olausson discovered that the GD library did not properly perform bounds checking when creating images. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-557-1 CVE-2007-3996 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | libgd2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20105 | |||
Oval ID: | oval:org.mitre.oval:def:20105 | ||
Title: | DSA-1422-1 e2fsprogs - arbitrary code execution | ||
Description: | Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, the ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1422-1 CVE-2007-5497 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | e2fsprogs |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22590 | |||
Oval ID: | oval:org.mitre.oval:def:22590 | ||
Title: | ELSA-2008:0003: e2fsprogs security update (Moderate) | ||
Description: | Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0003-01 CVE-2007-5497 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | e2fsprogs |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.5 File : nvt/nopsec_php_5_2_5.nasl |
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:264 (gd) File : nvt/mdksa_2009_264.nasl |
2009-10-10 | Name : SLES9: Security update for e2fsprogs File : nvt/sles9p5017085.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015662.nasl |
2009-10-10 | Name : SLES9: Security update for e2fsprogs File : nvt/sles9p5011593.nasl |
2009-06-05 | Name : Ubuntu USN-720-1 (php5) File : nvt/ubuntu_720_1.nasl |
2009-06-05 | Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:187 (php) File : nvt/gb_mandriva_MDKSA_2007_187.nasl |
2009-04-09 | Name : Mandriva Update for e2fsprogs MDKSA-2007:242 (e2fsprogs) File : nvt/gb_mandriva_MDKSA_2007_242.nasl |
2009-03-23 | Name : Ubuntu Update for e2fsprogs vulnerability USN-555-1 File : nvt/gb_ubuntu_USN_555_1.nasl |
2009-03-23 | Name : Ubuntu Update for libgd2 vulnerability USN-557-1 File : nvt/gb_ubuntu_USN_557_1.nasl |
2009-03-06 | Name : RedHat Update for e2fsprogs RHSA-2008:0003-01 File : nvt/gb_RHSA-2008_0003-01_e2fsprogs.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-709 File : nvt/gb_fedora_2007_709_php_fc6.nasl |
2009-02-27 | Name : CentOS Update for e2fsprogs CESA-2008:0003-05 centos2 i386 File : nvt/gb_CESA-2008_0003-05_e2fsprogs_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for e2fsprogs CESA-2008:0003 centos4 x86_64 File : nvt/gb_CESA-2008_0003_e2fsprogs_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for e2fsprogs CESA-2008:0003 centos3 i386 File : nvt/gb_CESA-2008_0003_e2fsprogs_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for e2fsprogs CESA-2008:0003 centos4 i386 File : nvt/gb_CESA-2008_0003_e2fsprogs_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for e2fsprogs CESA-2008:0003 centos3 x86_64 File : nvt/gb_CESA-2008_0003_e2fsprogs_centos3_x86_64.nasl |
2009-02-24 | Name : Fedora Update for e2fsprogs FEDORA-2007-4447 File : nvt/gb_fedora_2007_4447_e2fsprogs_fc8.nasl |
2009-02-24 | Name : Fedora Update for e2fsprogs FEDORA-2007-4461 File : nvt/gb_fedora_2007_4461_e2fsprogs_fc7.nasl |
2009-01-23 | Name : SuSE Update for php4, php5 SUSE-SA:2008:004 File : nvt/gb_suse_2008_004.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-02 (php) File : nvt/glsa_200710_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200712-13 (e2fsprogs) File : nvt/glsa_200712_13.nasl |
2008-09-04 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php51.nasl |
2008-09-04 | Name : FreeBSD Ports: e2fsprogs File : nvt/freebsd_e2fsprogs.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1613-1 (libgd2) File : nvt/deb_1613_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1422-1 (e2fsprogs) File : nvt/deb_1422_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40161 | e2fsprogs libext2fs Crafted Filesystem Image Arbitrary Remote Code Execution |
36870 | PHP libgd Multiple Functions Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0003.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080107_e2fsprogs_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070926_php_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070920_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12049.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12019.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11997.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0004.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-720-1.nasl - Type : ACT_GATHER_INFO |
2008-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1613.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4909.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4447.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4461.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0003.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0003.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4810.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-4808.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_299e3f81aee711dcb7810016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-557-1.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200712-13.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_e2fsprogs-4743.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-242.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1422.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-555-1.nasl - Type : ACT_GATHER_INFO |
2007-12-07 | Name : The remote openSUSE host is missing a security update. File : suse_e2fsprogs-4739.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_5.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0888.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2007-09-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-709.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-187.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_71d903fc602d11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:35:24 |
|