Test ID:	1.3.6.1.4.1.25623.1.0.59957
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 1422-1 (e2fsprogs)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to e2fsprogs announced via advisory DSA 1422-1. Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.39+1.40-WIP-2006.11.14+dfsg-2etch1. For the unstable distribution (sid), this problem will be fixed shortly. We recommend that you upgrade your e2fsprogs package. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%201422-1 CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5497 BugTraq ID: 26772 http://www.securityfocus.com/bid/26772 Bugtraq: 20080212 FLEA-2008-0005-1 e2fsprogs (Google Search) http://www.securityfocus.com/archive/1/487999/100/0/threaded Bugtraq: 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package (Google Search) http://www.securityfocus.com/archive/1/489082/100/0/threaded Debian Security Information: DSA-1422 (Google Search) http://www.debian.org/security/2007/dsa-1422 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00618.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00629.html HPdes Security Advisory: HPSBMA02554 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 HPdes Security Advisory: SSRT100018 http://www.mandriva.com/security/advisories?name=MDKSA-2007:242 http://lists.vmware.com/pipermail/security-announce/2008/000007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10399 http://www.redhat.com/support/errata/RHSA-2008-0003.html http://www.securitytracker.com/id?1019537 http://secunia.com/advisories/27889 http://secunia.com/advisories/27965 http://secunia.com/advisories/27987 http://secunia.com/advisories/28000 http://secunia.com/advisories/28030 http://secunia.com/advisories/28042 http://secunia.com/advisories/28360 http://secunia.com/advisories/28541 http://secunia.com/advisories/28648 http://secunia.com/advisories/29224 http://secunia.com/advisories/32774 http://secunia.com/advisories/40551 SuSE Security Announcement: SUSE-SR:2007:025 (Google Search) http://www.novell.com/linux/security/advisories/2007_25_sr.html http://www.ubuntu.com/usn/usn-555-1 http://www.vupen.com/english/advisories/2007/4135 http://www.vupen.com/english/advisories/2008/0761 http://www.vupen.com/english/advisories/2010/1796 XForce ISS Database: e2fsprogs-libext2fs-integer-overflow(38903) https://exchange.xforce.ibmcloud.com/vulnerabilities/38903
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.