Re: [SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution

Hi Steve,
* Steve Kemp <skx@debian.org> [2007-12-07 14:32]:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1422 security@debian.org
> http://www.debian.org/security/ Steve Kemp
> December 07, 2007 http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
> Package : e2fsprogs
> Vulnerability : integer overfows
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2007-5497
>
> Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
> ext2 file system utilities and libraries, contained multiple
> integer overflows in memory allocations, based on sizes taken directly
> from filesystem information. These could result in heap-based
> overflows potentially allowing the execution of arbitrary code.
>
> For the stable distribution (etch), this problem has been fixed in version
> 1.39+1.40-WIP-2006.11.14+dfsg-2etch1.

[...]

e2fsck/swapfs.c:        retval = ext2fs_get_mem(fs->blocksize * fs->inode_blocks_per_group,
resize/resize2fs.c:     retval = ext2fs_get_mem(fs->blocksize * fs->inode_blocks_per_group,
resize/resize2fs.c:             retval = ext2fs_get_mem(fs->blocksize *
resize/resize2fs.c:     retval = ext2fs_get_mem(rfs->old_fs->blocksize * 3, &block_buf);
resize/extent.c:        retval = ext2fs_get_mem(sizeof(struct ext2_extent_entry) *

What about those, are they unimportant? They are still present in the etch code. I stumbled upon them while preparing a testing-security upload. Kind regards
Nico

-- 
Nico Golde - 
http://www.ngolde.de - 
nion(at)jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

-- To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org