Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0003
The remote host is missing updates announced in
The e2fsprogs packages contain a number of utilities for creating,
checking, modifying, and correcting any inconsistencies in second and third
extended (ext2/ext3) file systems.
Multiple integer overflow flaws were found in the way e2fsprogs processes
file system content. If a victim opens a carefully crafted file system with
a program using e2fsprogs, it may be possible to execute arbitrary code
with the permissions of the victim. It may be possible to leverage this
flaw in a virtualized environment to gain access to other virtualized
Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for
responsibly disclosing these issues.
Users of e2fsprogs are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues.
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2007-5497
BugTraq ID: 26772
Bugtraq: 20080212 FLEA-2008-0005-1 e2fsprogs
Bugtraq: 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package
Debian Security Information: DSA-1422
HPdes Security Advisory: HPSBMA02554
HPdes Security Advisory: SSRT100018
SuSE Security Announcement: SUSE-SR:2007:025
XForce ISS Database: e2fsprogs-libext2fs-integer-overflow(38903)
Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com