[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution

* Nico Golde <nion@debian.org> [2007-12-07 18:32]:
> > Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
> > ext2 file system utilities and libraries, contained multiple
> > integer overflows in memory allocations, based on sizes taken directly
> > from filesystem information.  These could result in heap-based
> > overflows potentially allowing the execution of arbitrary code.
> > 
> > For the stable distribution (etch), this problem has been fixed in version
> > 1.39+1.40-WIP-2006.11.14+dfsg-2etch1.
> [...] 
> e2fsck/swapfs.c:        retval = ext2fs_get_mem(fs->blocksize * fs->inode_blocks_per_group,
> resize/resize2fs.c:     retval = ext2fs_get_mem(fs->blocksize * fs->inode_blocks_per_group,
> resize/resize2fs.c:             retval = ext2fs_get_mem(fs->blocksize *
> resize/resize2fs.c:     retval = ext2fs_get_mem(rfs->old_fs->blocksize * 3, &block_buf);
> resize/extent.c:        retval = ext2fs_get_mem(sizeof(struct ext2_extent_entry) *
> What about those, are they unimportant? They are still present in the etch code. I stumbled
> upon them while preparing a testing-security upload.

Sorry, this mail was originally only addressed to Steve but 
since I also got this mail through the debian-security list 
it ended up here now :)
Anyway, I looked again into these and from my point of view 
the released DSA is incomplete, I fixed those for 
testing-security by using get_mem_array as well.
Kind regards
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpIB5q_6SU0w.pgp
Description: PGP signature

Reply to: