Vulnerability CVE-2007-5497

Vulnerability Name:

CVE-2007-5497 (CCN-38903)

Assigned:

2007-12-05

Published:

2007-12-05

Updated:

2023-02-13

Summary:

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-190

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-5497

Source: CCN
Type: SourceForge.net
Welcome to the E2fsprogs Sourceforge Page

Source: CCN
Type: HP Security Bulletin HPSBMA02554 SSRT100018
HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service (DoS), Remote Unauthorized Access

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2008-0003
Moderate: e2fsprogs security update

Source: CCN
Type: SA27889
e2fsprogs libext2fs Integer Overflow Vulnerabilities

Source: CCN
Type: SA28648
Avaya Products e2fsprogs Integer Overflow Vulnerabilities

Source: CCN
Type: SA29224
VMware ESX Server update for e2fsprogs

Source: CCN
Type: SA32774
Citrix XenServer Ext2/Ext3 Processing Security Bypass Vulnerability

Source: CCN
Type: SA40551
HP Insight Control Suite For Linux Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1019537
E2fsprogs Buffer Overflow in libext2fs Lets Local Users Gain Elevated Privileges

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: ASA-2008-040
e2fsprogs security update (RHSA-2008-0003)

Source: CCN
Type: CTX118766
Vulnerability in XenServer could result in privilege escalation and arbitrary code execution

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-1422
e2fsprogs -- integer overfows

Source: CCN
Type: GLSA-200712-13
E2fsprogs: Multiple buffer overflows

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-26772
Ext2 Filesystem Utilities e2fsprogs libext2fs Multiple Unspecified Integer Overflow Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: USN-555-1
e2fsprogs vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Vmware Web site
Archives for VMware ESX Server 2.x

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
e2fsprogs-libext2fs-integer-overflow(38903)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: SUSE
Type: SUSE-SR:2007:025
SUSE Security Summary Report

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20075497	V	CVE-2007-5497	2022-06-30
oval:org.opensuse.security:def:42293	P	Security update for kernel-firmware (Moderate)	2022-05-25
oval:org.opensuse.security:def:112180	P	e2fsprogs-1.46.4-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26227	P	Security update for the Linux Kernel (Important)	2022-01-13
oval:org.opensuse.security:def:31373	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:31721	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:32246	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:31720	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:31316	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:26168	P	Security update for the Linux Kernel (Important)	2021-11-19
oval:org.opensuse.security:def:33038	P	Security update for bind (Important)	2021-11-08
oval:org.opensuse.security:def:26154	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:105712	P	e2fsprogs-1.46.4-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:32190	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:26115	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:32173	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:31672	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:31666	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:31241	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:31663	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:31224	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:26089	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:42094	P	Security update for ovmf (Important)	2021-06-24
oval:org.opensuse.security:def:32129	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:36114	P	e2fsprogs-1.41.9-2.14.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36393	P	e2fsprogs-devel-1.41.9-2.14.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42521	P	e2fsprogs-1.41.9-2.14.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26066	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:32107	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31616	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:31167	P	Security update for java-1_7_0-openjdk (Moderate)	2021-04-29
oval:org.opensuse.security:def:31156	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:31155	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:31609	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:32068	P	Security update for spamassassin (Important)	2021-04-12
oval:org.opensuse.security:def:26212	P	Security update for python3 (Moderate)	2021-03-19
oval:org.opensuse.security:def:31365	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31353	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:31354	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:33077	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:26146	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:32019	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:31092	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:35886	P	e2fsprogs-1.41.9-2.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25970	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:35538	P	e2fsprogs-1.41.9-2.1.51 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35687	P	e2fsprogs-1.41.9-2.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41945	P	e2fsprogs-1.41.9-2.1.51 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31007	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25523	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:26674	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25867	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:25815	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31909	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26885	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25089	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:32295	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:27356	P	GraphicsMagick on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26005	P	Security update for libcdio (Moderate)	2020-12-01
oval:org.opensuse.security:def:25917	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:31975	P	Security update for jasper (Important)	2020-12-01
oval:org.opensuse.security:def:25101	P	Security update for procps (Important)	2020-12-01
oval:org.opensuse.security:def:26293	P	Security update for raptor (Important)	2020-12-01
oval:org.opensuse.security:def:32356	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:25437	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31571	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:32652	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25942	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:25293	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31807	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26381	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25512	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:31947	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26652	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25954	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25431	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26439	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:25721	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25719	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:31782	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31580	P	Security update for syslog-ng (Moderate)	2020-12-01
oval:org.opensuse.security:def:26013	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27112	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25238	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:26368	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:25807	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32464	P	Security update for xorg-x11-libXrender (Moderate)	2020-12-01
oval:org.opensuse.security:def:31592	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26284	P	Security update for taglib (Low)	2020-12-01
oval:org.opensuse.security:def:25250	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:31465	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26572	P	kdelibs4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25865	P	Security update for pcre (Moderate)	2020-12-01
oval:org.opensuse.security:def:25664	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31798	P	Security update for OpenEXR (Moderate)	2020-12-01
oval:org.opensuse.security:def:31765	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32850	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31006	P	Security update for java-1_6_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25442	P	Security update for libcaca (Moderate)	2020-12-01
oval:org.opensuse.security:def:32034	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26660	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26538	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25739	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25515	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:31870	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:26850	P	LibVNCServer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31018	P	Security update for java-1_7_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25580	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:26718	P	hplip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25948	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:25868	P	Security update for pcre (Moderate)	2020-12-01
oval:org.opensuse.security:def:31931	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25090	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:26240	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32334	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:27391	P	e2fsprogs-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25436	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:31439	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31460	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:25956	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32613	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25165	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:31522	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:26342	P	Security update for openjpeg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32400	P	Security update for vim (Important)	2020-12-01
oval:org.opensuse.security:def:25448	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26014	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25943	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25374	P	Security update for xerces-c (Moderate)	2020-12-01
oval:org.opensuse.security:def:31963	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:26395	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:25640	P	Security update for libqt5-qtsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25666	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31760	P	Security update for MozillaFirefox (Critical)	2020-12-01
oval:org.opensuse.security:def:26687	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26018	P	Security update for freerdp (Important)	2020-12-01
oval:org.opensuse.security:def:25862	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:27077	P	acpid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25778	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25768	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31826	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:31581	P	Security update for tar (Moderate)	2020-12-01
oval:org.opensuse.security:def:25239	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26519	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25821	P	Security update for lhasa (Moderate)	2020-12-01
oval:org.opensuse.security:def:32503	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25663	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:32811	P	xterm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25314	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:26621	P	openswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26503	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25675	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31890	P	Security update for exempi (Moderate)	2020-12-01
oval:org.opensuse.security:def:31821	P	Security update for avahi (Moderate)	2020-12-01
oval:org.mitre.oval:def:17552	P	USN-555-1 -- e2fsprogs vulnerability	2014-06-30
oval:org.mitre.oval:def:20105	P	DSA-1422-1 e2fsprogs - arbitrary code execution	2014-06-23
oval:org.mitre.oval:def:22590	P	ELSA-2008:0003: e2fsprogs security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:10399	V	Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.	2013-04-29
oval:com.redhat.rhsa:def:20080003	P	RHSA-2008:0003: e2fsprogs security update (Moderate)	2008-01-28
oval:org.debian:def:1422	V	integer overflows	2007-12-07

BACK