author | miwi <miwi@FreeBSD.org> | 2007-12-22 05:43:14 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2007-12-22 05:43:14 +0800 |
commit | aec9c804971fef8b557fb55b179571c8f35b0156 (patch) | |
tree | 377bbd6eddc07b089785fab4771902bda84fff56 /security/vuxml | |
parent | aa77512ec2faee1106b5e3f241379f280cf7e77a (diff) | |
- Document e2fsprogs -- heap buffer overflow
PR: 118848 (based on)
Submitted by: Matthias Andree <matthias.andree@gmx.de>
Reviewed by: remko
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 54e8a520c35f..5e19663da6f6 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,43 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="299e3f81-aee7-11dc-b781-0016179b2dd5"> + <topic>e2fsprogs -- heap buffer overflow</topic> + <affects> + <package> + <name>e2fsprogs</name> + <range><lt>1.40.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Theodore Y. Ts'o reports:</p> + <blockquote cite="http://sourceforge.net/project/shownotes.php?group_id=2406&release_id=560230"> + <p>Fix a potential security vulnerability where an untrusted + filesystem can be corrupted in such a way that a program using + libext2fs will allocate a buffer which is far too small. This + can lead to either a crash or potentially a heap-based buffer + overflow crash. No known exploits exist, but main concern is + where an untrusted user who possesses privileged access in a + guest Xen environment could corrupt a filesystem which is then + accessed by thus allowing the untrusted user to gain privileged + access in the host OS. Thanks to the McAfee AVERT Research group + for reporting this issue.</p> + </blockquote> + </body> + </description> + <references> + <bid>26772</bid> + <cvename>CVE-2007-5497</cvename> + <url>http://secunia.com/advisories/27889/</url> + <url>http://sourceforge.net/project/shownotes.php?group_id=2406&release_id=560230</url> + </references> + <dates> + <discovery>2007-12-07</discovery> + <entry>2007-12-20</entry> + </dates> + </vuln> + <vuln vid="8a835235-ae84-11dc-a5f9-001a4d49522b"> <topic>wireshark -- multiple vulnerabilities</topic> <affects> |
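Review bot: In the new e2fsprogs entry's <blockquote>, the sentence "could corrupt a filesystem which is then accessed by thus allowing the untrusted user to gain privileged access in the host OS" has lost the object of "accessed by". Please compare it with the release notes given in the cite attribute and restore the dropped words so the quotation is verbatim. Separately, as shown here the "&" in "group_id=2406&release_id=560230" is unescaped in both the cite attribute and the second <url>; it has to be written as "&amp;" in vuln.xml for the file to stay well-formed. The <range><lt>1.40.3</lt></range> bound is not stated anywhere in the quoted text, so it would also help to confirm that 1.40.3 is the release those notes belong to.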