In association with heise online

10 December 2007, 13:04

Linux distributors fix vulnerability in e2fsprogs file system tools

This security vulnerability is likely to be of interest primarily to forensic investigators and data rescue services. As a result of multiple integer overflows in the libext2fs Linux library, specially crafted file systems or images can be used to inject malicious code onto a computer performing an analysis and execute it with the user's privileges. According to Linux distributor Ubuntu, calling fsck is sufficient to trigger this condition. The crafted image can, for example, be located on a hard drive which is to be analysed. All Ext2 Filesystem Utilities (e2fsprogs) programs are affected. Both Ubuntu and Novell have already released new packages for their distributions.

(mba)
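The bug class named in the article, shown as an added C example (not e2fsprogs code and not part of the original article): a table size computed from two fields of an untrusted image wraps in 32 bits, next to a checked version that rejects it. The header layout, field names and function names are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical on-disk header; illustrative only, not the real ext2 layout. */
struct img_header {
    uint32_t entry_count;   /* read straight from the image: untrusted */
    uint32_t entry_size;    /* read straight from the image: untrusted */
};

/* Unchecked: the 32-bit product wraps modulo 2^32, so a huge table can
 * appear to need only a few bytes. A buffer sized from this value is too
 * small for a later loop that walks entry_count entries. */
uint32_t table_bytes_unchecked(const struct img_header *h)
{
    return h->entry_count * h->entry_size;
}

/* Checked: widen before multiplying, then bound the result by the size of
 * the image that is supposed to contain the table.
 * Returns 0 and stores the size on success, -1 if the header is rejected. */
int table_bytes_checked(const struct img_header *h, uint64_t image_len,
                        size_t *out)
{
    if (h->entry_count == 0 || h->entry_size == 0)
        return -1;
    uint64_t total = (uint64_t)h->entry_count * h->entry_size;
    if (total > image_len || total > SIZE_MAX)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    /* Constructed sample: 0x10000001 * 16 = 0x100000010, which wraps to 16. */
    struct img_header crafted = { 0x10000001u, 16u };
    size_t n = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)table_bytes_unchecked(&crafted));
    printf("checked result: %d\n",
           table_bytes_checked(&crafted, 1u << 20, &n));
    return 0;
}
```
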
