Arch Linux Security Advisory ASA-201503-8
=========================================

Severity: Medium
Date    : 2015-03-12
CVE-ID  : CVE-2015-1572
Package : e2fsprogs
Type    : arbitrary code execution
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package e2fsprogs before version 1.42.12-2 is vulnerable to a heap
buffer overflow leading to arbitrary code execution.

Resolution
==========

Upgrade to 1.42.12-2.

# pacman -Syu "e2fsprogs>=1.42.12-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

If a corrupted file system didn't trip over some corruption check, and
the file system was then modified via tune2fs or debugfs such that the
superblock was marked dirty and written out via the closefs() path, the
buffer overrun could be triggered when the file system is closed.

This issue can lead to arbitrary code execution if a malicious device is
plugged in and the mounting process chooses to run fsck (or another
application using the ext2fs library) on the device's malicious
filesystem.

Impact
======

A local attacker is able to execute arbitrary code with a plugged-in
malicious device by causing a crafted block group descriptor to be marked
as dirty and then accessed by an application using the ext2fs library,
such as fsck.

References
==========

https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1572
https://bugs.archlinux.org/task/44015