Lucene search
UbuntuUSN-2507-1HistoryFeb 23, 2015 - 12:00 a.m.
e2fsprogs vulnerabilities
2015-02-2300:00:00
ubuntu.com
48
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
20.1%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- e2fsprogs - ext2/ext3/ext4 file system utilities
Details
Jose Duart discovered that e2fsprogs incorrectly handled invalid block
group descriptor data. A local attacker could use this issue with a
crafted filesystem image to possibly execute arbitrary code.
(CVE-2015-0247, CVE-2015-1572)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | e2fsprogs | < 1.42.10-1.1ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | comerr-dev | < 2.1-1.42.10-1.1ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | e2fsck-static | < 1.42.10-1.1ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | e2fslibs | < 1.42.10-1.1ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | e2fslibs-dbg | < 1.42.10-1.1ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | e2fslibs-dev | < 1.42.10-1.1ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | e2fsprogs-dbg | < 1.42.10-1.1ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | e2fsprogs-udeb | < 1.42.10-1.1ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libcomerr2 | < 1.42.10-1.1ubuntu1.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libcomerr2-dbg | < 1.42.10-1.1ubuntu1.2 | UNKNOWN |
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : e2fsprogs (SUSE-SU-2018:1987-1)
2019-01-02 00:00:00
Debian DSA-3166-1 : e2fsprogs - security update
2015-02-24 00:00:00
SUSE SLED12 / SLES12 Security Update : e2fsprogs (SUSE-SU-2015:1341-1)
2015-08-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: e2fsprogs-1.42.12-3.fc20
2015-03-04 10:34:39
[SECURITY] Fedora 21 Update: e2fsprogs-1.42.12-3.fc21
2015-03-04 10:23:11
[SECURITY] Fedora 20 Update: e2fsprogs-1.42.12-2.fc20
2015-02-21 04:24:39
prion
prion
Heap overflow
2015-02-24 15:59:00
Heap overflow
2015-02-17 15:59:00
debian
debian
[SECURITY] [DSA 3166-1] e2fsprogs security update
2015-02-22 05:39:23
[SECURITY] [DLA 162-1] e2fsprogs security update
2015-02-28 21:24:00
[SECURITY] [DSA 3166-1] e2fsprogs security update
2015-02-22 05:39:23
osv
osv
e2fsprogs - security update
2015-02-22 00:00:00
e2fsprogs - security update
2015-02-28 00:00:00
e2fsprogs - security update
2015-02-16 00:00:00
cvelist
cvelist
CVE-2015-1572
2015-02-24 15:00:00
CVE-2015-0247
2015-02-17 15:00:00
ubuntucve
ubuntucve
CVE-2015-1572
2015-02-16 00:00:00
CVE-2015-0247
2015-02-17 00:00:00
securityvulns
securityvulns
[USN-2507-1] e2fsprogs vulnerabilities
2015-03-08 00:00:00
libext2fs / e2fsprogs buffer overflow
2015-03-08 00:00:00
[oCERT-2015-002] e2fsprogs input sanitization errors
2015-02-16 00:00:00
suse
suse
Security update for e2fsprogs (important)
2015-06-23 16:03:02
Security update for e2fsprogs (moderate)
2018-07-28 16:05:25
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0088)
2022-01-28 00:00:00
Fedora Update for e2fsprogs FEDORA-2015-2511
2015-03-05 00:00:00
Debian: Security Advisory (DLA-162-1)
2023-03-08 00:00:00
debiancve
debiancve
CVE-2015-1572
2015-02-24 15:59:05
CVE-2015-0247
2015-02-17 15:59:02
mageia
mageia
Updated e2fsprogs packages fix CVE-2015-1572
2015-02-26 11:26:53
Updated e2fsprogs packages fix CVE-2015-0247
2015-02-11 23:47:51
cve
cve
CVE-2015-1572
2015-02-24 15:59:05
CVE-2015-0247
2015-02-17 15:59:02
nvd
nvd
CVE-2015-1572
2015-02-24 15:59:05
CVE-2015-0247
2015-02-17 15:59:02
gentoo
gentoo
e2fsprogs: Heap-based buffer overflow
2017-01-01 00:00:00
e2fsprogs: Arbitrary code execution
2015-07-23 00:00:00
veracode
veracode
Buffer Overflow
2018-07-30 09:23:14
archlinux
archlinux
e2fsprogs: arbitrary code execution
2015-03-12 00:00:00
amazon
amazon
Low: e2fsprogs
2015-06-16 10:26:00
Medium: e2fsprogs
2015-02-11 19:36:00
freebsd
freebsd
e2fsprogs -- potential buffer overflow in closefs()
2015-02-06 00:00:00
e2fsprogs -- buffer overflow if s_first_meta_bg too big
2014-08-09 00:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
20.1%
Related for USN-2507-1