Rapid7 Vulnerability & Exploit Database

CESA-2008:0003: RHSA-2008:0003

Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 12/07/2007
Created: 07/25/2018
Added: 03/12/2010
Modified: 08/29/2017

Description

Moderate: e2fsprogs security update

The e2fsprogs packages contain a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second and third extended (ext2/ext3) file systems.

Multiple integer overflow flaws were found in the way e2fsprogs processes file system content. If a victim opens a carefully crafted file system with a program using e2fsprogs, it may be possible to execute arbitrary code with the permissions of the victim. It may be possible to leverage this flaw in a virtualized environment to gain access to other virtualized hosts. (CVE-2007-5497)

Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues.

Users of e2fsprogs are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.

Solution(s)

  • centos-upgrade-e2fsprogs
  • centos-upgrade-e2fsprogs-devel
  • centos-upgrade-e2fsprogs-libs
