Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2156.NASLHistoryMar 25, 2020 - 12:00 a.m.
Debian DLA-2156-1 : e2fsprogs security update
2020-03-2500:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.5%
An issue has been found in e2fsprogs, a package that contains ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
For Debian 8 ‘Jessie’, this problem has been fixed in version 1.42.12-2+deb8u2.
We recommend that you upgrade your e2fsprogs packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2156-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(134880);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/21");
script_cve_id("CVE-2019-5188");
script_name(english:"Debian DLA-2156-1 : e2fsprogs security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
script_set_attribute(attribute:"description", value:
"An issue has been found in e2fsprogs, a package that contains
ext2/ext3/ext4 file system utilities. A specially crafted ext4
directory can cause an out-of-bounds write on the stack, resulting in
code execution. An attacker can corrupt a partition to trigger this
vulnerability.
For Debian 8 'Jessie', this problem has been fixed in version
1.42.12-2+deb8u2.
We recommend that you upgrade your e2fsprogs packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/e2fsprogs");
script_set_attribute(attribute:"solution", value:
"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5188");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:comerr-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:e2fsck-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:e2fslibs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:e2fslibs-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:e2fslibs-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:e2fsprogs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:e2fsprogs-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:e2fsprogs-udeb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcomerr2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcomerr2-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libss2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libss2-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ss-dev");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"8.0", prefix:"comerr-dev", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"e2fsck-static", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"e2fslibs", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"e2fslibs-dbg", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"e2fslibs-dev", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"e2fsprogs", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"e2fsprogs-dbg", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"e2fsprogs-udeb", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libcomerr2", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libcomerr2-dbg", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libss2", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libss2-dbg", reference:"1.42.12-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"ss-dev", reference:"1.42.12-2+deb8u2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | comerr-dev | p-cpe:/a:debian:debian_linux:comerr-dev |
| debian | debian_linux | e2fsck-static | p-cpe:/a:debian:debian_linux:e2fsck-static |
| debian | debian_linux | e2fslibs | p-cpe:/a:debian:debian_linux:e2fslibs |
| debian | debian_linux | e2fslibs-dbg | p-cpe:/a:debian:debian_linux:e2fslibs-dbg |
| debian | debian_linux | e2fslibs-dev | p-cpe:/a:debian:debian_linux:e2fslibs-dev |
| debian | debian_linux | e2fsprogs | p-cpe:/a:debian:debian_linux:e2fsprogs |
| debian | debian_linux | e2fsprogs-dbg | p-cpe:/a:debian:debian_linux:e2fsprogs-dbg |
| debian | debian_linux | e2fsprogs-udeb | p-cpe:/a:debian:debian_linux:e2fsprogs-udeb |
| debian | debian_linux | libcomerr2 | p-cpe:/a:debian:debian_linux:libcomerr2 |
| debian | debian_linux | libcomerr2-dbg | p-cpe:/a:debian:debian_linux:libcomerr2-dbg |
Related
nessus
nessus
EulerOS Virtualization 3.0.6.0 : e2fsprogs (EulerOS-SA-2020-1736)
2020-07-01 00:00:00
EulerOS Virtualization 3.0.2.2 : e2fsprogs (EulerOS-SA-2020-2214)
2020-10-21 00:00:00
Photon OS 1.0: E2Fsprogs PHSA-2020-1.0-0268
2020-02-04 00:00:00
ubuntucve
ubuntucve
CVE-2019-5188
2020-01-08 00:00:00
cvelist
cvelist
CVE-2019-5188
2020-01-08 15:45:09
openvas
openvas
Huawei EulerOS: Security Advisory for e2fsprogs (EulerOS-SA-2020-1098)
2020-02-24 00:00:00
Debian: Security Advisory (DLA-2156-1)
2020-03-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0360-1)
2021-04-19 00:00:00
suse
suse
Security update for e2fsprogs (moderate)
2020-02-04 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-10-01 03:56:17
osv
osv
e2fsprogs - security update
2020-03-24 00:00:00
e2fsprogs - security update
2020-07-26 00:00:00
CVE-2019-5188
2020-01-08 16:15:11
debiancve
debiancve
CVE-2019-5188
2020-01-08 16:15:11
talosblog
talosblog
Vulnerability Spotlight: Code execution vulnerability in E2fsprogs
2020-01-14 11:31:08
mageia
mageia
Updated e2fsprogs packages fix security vulnerability
2020-01-17 13:16:50
ubuntu
ubuntu
e2fsprogs vulnerability
2020-01-23 00:00:00
freebsd
freebsd
e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability
2019-12-18 00:00:00
debian
debian
[SECURITY] [DLA 2290-1] e2fsprogs security update
2020-07-26 15:19:45
[SECURITY] [DLA 2156-1] e2fsprogs security update
2020-03-24 21:04:06
talos
talos
E2fsprogs e2fsck rehash.c mutate_name() Code Execution Vulnerability
2020-01-07 00:00:00
redhatcve
redhatcve
CVE-2019-5188
2020-01-11 15:09:44
cbl_mariner
cbl_mariner
CVE-2019-5188 affecting package e2fsprogs 1.44.6-4
2021-01-29 07:39:17
nvd
nvd
CVE-2019-5188
2020-01-08 16:15:11
alpinelinux
alpinelinux
CVE-2019-5188
2020-01-08 16:15:11
cloudfoundry
cloudfoundry
USN-4249-1: e2fsprogs vulnerability | Cloud Foundry
2020-02-12 00:00:00
cve
cve
CVE-2019-5188
2020-01-08 16:15:11
prion
prion
Remote code execution
2020-01-08 16:15:00
amazon
amazon
Medium: e2fsprogs
2021-01-12 22:51:00
Medium: e2fsprogs
2020-10-22 17:27:00
Medium: e2fsprogs
2020-12-16 20:31:00
redhat
redhat
(RHSA-2020:4011) Moderate: e2fsprogs security and bug fix update
2020-09-29 07:51:33
fedora
fedora
[SECURITY] Fedora 30 Update: e2fsprogs-1.44.6-2.fc30
2020-02-02 01:53:44
[SECURITY] Fedora 31 Update: e2fsprogs-1.45.5-1.fc31
2020-01-21 01:40:08
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0268
2020-01-31 00:00:00
Important Photon OS Security Update - PHSA-2020-0053
2020-01-31 00:00:00
Critical Photon OS Security Update - PHSA-2020-0268
2020-01-31 00:00:00
oraclelinux
oraclelinux
e2fsprogs security and bug fix update
2020-10-06 00:00:00
centos
centos
e2fsprogs, libcom_err, libss security update
2020-10-20 17:55:15
f5
f5
K06014092 : E2fsprogs vulnerabilities CVE-2019-5094 and CVE-2019-5188
2022-03-14 00:00:00
ibm
ibm
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.5%
Related for DEBIAN_DLA-2156.NASL