FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability

Affected packages
e2fsprogs < 1.45.5

Details

VuXML ID 8b61308b-322a-11ea-b34b-1de6fb24355d
Discovery 2019-12-18
Entry 2020-01-08

Lilith of Cisco Talos reports:

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

[source]

Theodore Y. Ts'o reports:

E2fsprogs 1.45.5 [...:] Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188)

[source]

References

CVE Name CVE-2019-5188
URL http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5
URL https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.