In association with heise online

10 December 2007, 12:04

Linux distributors fix vulnerability in e2fsprogs file system tools


This security vulnerability is likely to be of interest primarily to forensic investigators and data rescue services. Multiple integer overflows in the libext2fs Linux library allow specially crafted file systems or images to inject malicious code into a computer performing an analysis and execute it with the user's privileges. According to Linux distributor Ubuntu, calling fsck is sufficient to trigger this condition. The crafted image can, for example, be located on a hard drive which is to be analysed. All Ext2 Filesystem Utilities (e2fsprogs) programs are affected. Both Ubuntu and Novell have already released new packages for their distributions.
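As an added illustration of the bug class (not e2fsprogs code and not the specific flaw that was fixed), the C sketch below derives a table size from two ext2 superblock fields, first with a plain 32-bit multiplication that wraps and then with a bounds check. The function names are hypothetical, the superblock bytes are constructed, and a 32-bit size type is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ext2 superblock field offsets (relative to the superblock start). */
#define SB_INODES_PER_GROUP 40  /* s_inodes_per_group, le32 */
#define SB_MAGIC            56  /* s_magic, le16 */
#define SB_INODE_SIZE       88  /* s_inode_size, le16 */
#define EXT2_MAGIC          0xEF53u

static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t le16(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8;
}

/* Constructed sample: zeroed superblock with only the fields used here. */
void make_sample_sb(unsigned char sb[1024], uint32_t ipg, uint16_t isz) {
    memset(sb, 0, 1024);
    sb[SB_MAGIC] = 0x53; sb[SB_MAGIC + 1] = 0xEF;
    for (int i = 0; i < 4; i++)
        sb[SB_INODES_PER_GROUP + i] = (unsigned char)(ipg >> (8 * i));
    sb[SB_INODE_SIZE] = (unsigned char)isz;
    sb[SB_INODE_SIZE + 1] = (unsigned char)(isz >> 8);
}

/* Risky pattern: the 32-bit product of two on-disk values wraps silently. */
uint32_t unchecked_inode_table_bytes(const unsigned char *sb) {
    return le32(sb + SB_INODES_PER_GROUP) * le16(sb + SB_INODE_SIZE);
}

/* Hardened: 0 on success, -1 if not a plausible superblock, -2 on overflow. */
int checked_inode_table_bytes(const unsigned char *sb, size_t len, uint32_t *out) {
    if (len < 1024 || le16(sb + SB_MAGIC) != EXT2_MAGIC) return -1;
    uint32_t count = le32(sb + SB_INODES_PER_GROUP);
    uint32_t size = le16(sb + SB_INODE_SIZE);
    if (count == 0 || size == 0) return -1;
    if (count > UINT32_MAX / size) return -2;   /* product would not fit */
    *out = count * size;
    return 0;
}

int main(void) {
    unsigned char sb[1024];
    uint32_t bytes = 0;
    make_sample_sb(sb, 0x02000001u, 128);       /* constructed field values */
    printf("unchecked size: %u\n", (unsigned)unchecked_inode_table_bytes(sb));
    printf("checked rc: %d\n", checked_inode_table_bytes(sb, sizeof sb, &bytes));
    return 0;
}
```

With the constructed values the unchecked product wraps to a small number, so a buffer sized from it would be far smaller than the element count the same superblock claims; the checked version rejects the image before any allocation.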
