10 December 2007, 12:04

Linux distributors fix vulnerability in e2fsprogs file system tools

This is one security vulnerability which is likely to be primarily of interest to forensic investigators and data rescue services. As a result of multiple integer overflows in the libext2f Linux library, specially crafted file systems or images can be used to inject malicious code onto a computer performing an analysis and execute it with the user's privileges. According to Linux distributor Ubuntu, calling fsck is sufficient to trigger this condition. The crafted image can for example be located on a hard drive which is to be analysed. All Ext2 Filesystem Utilities (e2fsprogs) programs are affected. Both Ubuntu and Novell have already released new packages for their distributions.

Channels

Services

Linux distributors fix vulnerability in e2fsprogs file system tools

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit