FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

e2fsprogs -- buffer overflow if s_first_meta_bg too big

Affected packages
e2fsprogs < 1.42.12

Details

VuXML ID 0f488b7b-bbb9-11e4-903c-080027ef73ec
Discovery 2014-08-09
Entry 2015-02-24

Theodore Ts'o reports:

If s_first_meta_bg is greater than the of number block group descriptor blocks, then reading or writing the block group descriptors will end up overruning the memory buffer allocated for the descriptors.

The finding is credited to a vulnerability report from Jose Duart of Google Security Team <jduart AT google.com> and was reported through oCERT-2015-002.

References

CVE Name CVE-2015-0247
URL http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
URL http://www.ocert.org/advisories/ocert-2015-002.html
URL https://bugzilla.redhat.com/show_bug.cgi?id=1187032