National Cyber Awareness System

Vulnerability Summary for CVE-2007-5497

Overview

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: FEDORA

Name: FEDORA-2007-4461

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00629.html

External Source: FEDORA

Name: FEDORA-2007-4447

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00618.html

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-2011

Hyperlink:https://issues.rpath.com/browse/RPL-2011

External Source: XF

Name: e2fsprogs-libext2fs-integer-overflow(38903)

Hyperlink:http://xforce.iss.net/xforce/xfdb/38903

External Source: VUPEN

Name: ADV-2010-1796

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1796

External Source: VUPEN

Name: ADV-2008-0761

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2008/0761

External Source: VUPEN

Name: ADV-2007-4135

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2007/4135

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2008-0004.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2008-0004.html

External Source: UBUNTU

Name: USN-555-1

Hyperlink:http://www.ubuntu.com/usn/usn-555-1

External Source: SECTRACK

Name: 1019537

Hyperlink:http://www.securitytracker.com/id?1019537

External Source: BID

Name: 26772

Hyperlink:http://www.securityfocus.com/bid/26772

External Source: BUGTRAQ

Name: 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/489082/100/0/threaded

External Source: BUGTRAQ

Name: 20080212 FLEA-2008-0005-1 e2fsprogs

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/487999/100/0/threaded

External Source: REDHAT

Name: RHSA-2008:0003

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0003.html

External Source: SUSE

Name: SUSE-SR:2007:025

Hyperlink:http://www.novell.com/linux/security/advisories/2007_25_sr.html

External Source: MANDRIVA

Name: MDKSA-2007:242

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:242

External Source: DEBIAN

Name: DSA-1422

Hyperlink:http://www.debian.org/security/2007/dsa-1422

External Source: CONFIRM

Name: http://wiki.rpath.com/Advisories:rPSA-2007-0262

Hyperlink:http://wiki.rpath.com/Advisories:rPSA-2007-0262

External Source: CONFIRM

Name: http://support.citrix.com/article/CTX118766

Hyperlink:http://support.citrix.com/article/CTX118766

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2008-040.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2008-040.htm

External Source: CONFIRM

Name: http://sourceforge.net/project/shownotes.php?release_id=560230&group_id=2406

Hyperlink:http://sourceforge.net/project/shownotes.php?release_id=560230&group_id=2406

External Source: SECUNIA

Name: 40551

Type: Advisory

Hyperlink:http://secunia.com/advisories/40551

External Source: SECUNIA

Name: 32774

Hyperlink:http://secunia.com/advisories/32774

External Source: SECUNIA

Name: 29224

Type: Advisory

Hyperlink:http://secunia.com/advisories/29224

External Source: SECUNIA

Name: 28648

Type: Advisory

Hyperlink:http://secunia.com/advisories/28648

External Source: SECUNIA

Name: 28541

Type: Advisory

Hyperlink:http://secunia.com/advisories/28541

External Source: SECUNIA

Name: 28360

Type: Advisory

Hyperlink:http://secunia.com/advisories/28360

External Source: SECUNIA

Name: 28042

Type: Advisory

Hyperlink:http://secunia.com/advisories/28042

External Source: SECUNIA

Name: 28030

Type: Advisory

Hyperlink:http://secunia.com/advisories/28030

External Source: SECUNIA

Name: 28000

Type: Advisory

Hyperlink:http://secunia.com/advisories/28000

External Source: SECUNIA

Name: 27987

Type: Advisory

Hyperlink:http://secunia.com/advisories/27987

External Source: SECUNIA

Name: 27965

Type: Advisory

Hyperlink:http://secunia.com/advisories/27965

External Source: SECUNIA

Name: 27889

Type: Advisory

Hyperlink:http://secunia.com/advisories/27889

External Source: OVAL

Name: oval:org.mitre.oval:def:10399

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10399

External Source: MLIST

Name: [Security-announce] 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package

Hyperlink:http://lists.vmware.com/pipermail/security-announce/2008/000007.html

External Source: HP

Name: HPSBMA02554

Hyperlink:http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083

External Source: HP

Name: HPSBMA02554

Hyperlink:http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083

References to Check Content

Identifier:oval:org.mitre.oval:def:10399

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10399