ID CVE-2007-5497
Summary Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
References
Vulnerable Configurations
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:*:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.40.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.08:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.04:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.37:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.07:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.40:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.28:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.27:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.29:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.25:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.32:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.35:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.34:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.05:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.38:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.02:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.26:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.33:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.39:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.24:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.03:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.06:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.30:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.09:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.36:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ext2_filesystems_utilities:e2fsprogs:1.31:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 13-02-2023 - 02:18)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
oval via4
accepted 2013-04-29T04:05:20.112-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
family unix
id oval:org.mitre.oval:def:10399
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
version 30
redhat via4
advisories
bugzilla
id 403441
title CVE-2007-5497 e2fsprogs multiple integer overflows
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment e2fsprogs is earlier than 0:1.35-12.11.el4_6.1
          oval oval:com.redhat.rhsa:tst:20080003001
        • comment e2fsprogs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080003002
      • AND
        • comment e2fsprogs-devel is earlier than 0:1.35-12.11.el4_6.1
          oval oval:com.redhat.rhsa:tst:20080003003
        • comment e2fsprogs-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080003004
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment e2fsprogs is earlier than 0:1.39-10.el5_1.1
          oval oval:com.redhat.rhsa:tst:20080003006
        • comment e2fsprogs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080003007
      • AND
        • comment e2fsprogs-devel is earlier than 0:1.39-10.el5_1.1
          oval oval:com.redhat.rhsa:tst:20080003008
        • comment e2fsprogs-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080003009
      • AND
        • comment e2fsprogs-libs is earlier than 0:1.39-10.el5_1.1
          oval oval:com.redhat.rhsa:tst:20080003010
        • comment e2fsprogs-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080003011
rhsa
id RHSA-2008:0003
released 2008-01-07
severity Moderate
title RHSA-2008:0003: e2fsprogs security update (Moderate)
rpms
  • e2fsprogs-0:1.26-1.73
  • e2fsprogs-0:1.32-15.4
  • e2fsprogs-0:1.35-12.11.el4_6.1
  • e2fsprogs-0:1.39-10.el5_1.1
  • e2fsprogs-debuginfo-0:1.32-15.4
  • e2fsprogs-debuginfo-0:1.35-12.11.el4_6.1
  • e2fsprogs-debuginfo-0:1.39-10.el5_1.1
  • e2fsprogs-devel-0:1.26-1.73
  • e2fsprogs-devel-0:1.32-15.4
  • e2fsprogs-devel-0:1.35-12.11.el4_6.1
  • e2fsprogs-devel-0:1.39-10.el5_1.1
  • e2fsprogs-libs-0:1.39-10.el5_1.1
refmap via4
bid 26772
bugtraq
  • 20080212 FLEA-2008-0005-1 e2fsprogs
  • 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package
confirm
debian DSA-1422
fedora
  • FEDORA-2007-4447
  • FEDORA-2007-4461
hp
  • HPSBMA02554
  • SSRT100018
mandriva MDKSA-2007:242
mlist [Security-announce] 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package
sectrack 1019537
secunia
  • 27889
  • 27965
  • 27987
  • 28000
  • 28030
  • 28042
  • 28360
  • 28541
  • 28648
  • 29224
  • 32774
  • 40551
suse SUSE-SR:2007:025
ubuntu USN-555-1
vupen
  • ADV-2007-4135
  • ADV-2008-0761
  • ADV-2010-1796
xf e2fsprogs-libext2fs-integer-overflow(38903)
Last major update 13-02-2023 - 02:18
Published 07-12-2007 - 11:46
Last modified 13-02-2023 - 02:18