FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| 299e3f81-aee7-11dc-b781-0016179b2dd5 | e2fsprogs -- heap buffer overflow
Theodore Y. Ts'o reports:
Fix a potential security vulnerability where an untrusted
filesystem can be corrupted in such a way that a program using
libext2fs will allocate a buffer which is far too small. This
can lead to either a crash or potentially a heap-based buffer
overflow crash. No known exploits exist, but main concern is
where an untrusted user who possesses privileged access in a
guest Xen environment could corrupt a filesystem which is then
accessed by thus allowing the untrusted user to gain privileged
access in the host OS. Thanks to the McAfee AVERT Research group
for reporting this issue.
Discovery 2007-12-07
Entry 2007-12-20
e2fsprogs
< 1.40.3
26772
CVE-2007-5497
http://secunia.com/advisories/27889/
http://sourceforge.net/project/shownotes.php?group_id=2406&release_id=560230
|