Vulnerability CVE-2019-5094

Vulnerability Name:

CVE-2019-5094 (CCN-167547)

Assigned:

2019-08-27

Published:

2019-08-27

Updated:

2022-06-27

Summary:

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

CVSS v3 Severity:

6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.4 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-787

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2019-5094

Source: CCN
Type: E2fsprogs Web site
Release 1.45.4 of e2fsprogs is available!

Source: XF
Type: UNKNOWN
e2fsprogs-cve20195094-code-exec(167547)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20190928 [SECURITY] [DLA 1935-1] e2fsprogs security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-a724cc7926

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-01ed02451f

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20190929 [SECURITY] [DSA 4535-1] e2fsprogs security update

Source: GENTOO
Type: Third Party Advisory
GLSA-202003-05

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20200115-0002/

Source: MISC
Type: Exploit, Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887

Source: UBUNTU
Type: Third Party Advisory
USN-4142-1

Source: UBUNTU
Type: Third Party Advisory
USN-4142-2

Source: DEBIAN
Type: Third Party Advisory
DSA-4535

Source: CCN
Type: IBM Security Bulletin 6408856 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6408858 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6441625 (QRadar Network Security)
IBM QRadar Network Security is affected by multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6455281 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: Talos Vulnerability Report TALOS-2019-0887
E2fsprogs quotaio_tree.c report_tree() code execution vulnerability

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-5094

Vulnerable Configuration:

Configuration 1:

cpe:/a:e2fsprogs_project:e2fsprogs:*:*:*:*:*:*:*:* (Version >= 1.43.3 and <= 1.45.3)

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:30:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

Configuration 5:

cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:e2fsprogs_project:e2fsprogs:1.43.3:*:*:*:*:*:*:*

OR cpe:/a:e2fsprogs_project:e2fsprogs:1.45.3:*:*:*:*:*:*:*

AND

cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p5:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.1:patch1:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.2:p1:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20195094	V	CVE-2019-5094	2023-06-22
oval:org.opensuse.security:def:7487	P	e2fsprogs-1.46.4-150400.3.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:643	P	Security update for python-paramiko (Important) (in QA)	2022-09-30
oval:org.opensuse.security:def:3059	P	e2fsprogs-1.43.8-3.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3479	P	e2fsprogs-1.43.8-3.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:2912	P	e2fsprogs-1.46.4-150400.1.80 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94542	P	e2fsprogs-1.46.4-150400.1.80 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:48	P	e2fsprogs-1.43.8-4.26.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:977	P	Security update for lapack (Moderate)	2022-03-21
oval:org.opensuse.security:def:100412	P	(Important)	2022-02-04
oval:org.opensuse.security:def:112180	P	e2fsprogs-1.46.4-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:8693	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:10378	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:8684	P	Security update for clamav (Moderate)	2021-12-06
oval:org.opensuse.security:def:8675	P	Security update for netcdf (Important)	2021-11-25
oval:org.opensuse.security:def:10359	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69735	P	Security update for grilo (Important)	2021-10-06
oval:org.opensuse.security:def:10344	P	Security update for webkit2gtk3 (Important)	2021-10-04
oval:org.opensuse.security:def:105712	P	e2fsprogs-1.46.4-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:8393	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:6704	P	Security update for the Linux Kernel (Live Patch 22 for SLE 15) (Important)	2021-09-16
oval:org.opensuse.security:def:8642	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:14878	P	e2fsprogs-1.43.8-3.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47998	P	e2fsprogs-1.43.8-3.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:100824	P	e2fsprogs-1.43.8-4.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62066	P	e2fsprogs-1.43.8-4.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71807	P	e2fsprogs-1.43.8-4.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:6691	P	Security update for the Linux Kernel (Live Patch 23 for SLE 15) (Important)	2021-07-27
oval:org.opensuse.security:def:9366	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:8385	P	Security update for the Linux Kernel (Important)	2021-06-28
oval:org.opensuse.security:def:6682	P	Security update for the Linux Kernel (Live Patch 18 for SLE 15) (Important)	2021-06-18
oval:org.opensuse.security:def:9344	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:6673	P	Security update for the Linux Kernel (Live Patch 20 for SLE 15) (Important)	2021-05-25
oval:org.opensuse.security:def:10251	P	Security update for sca-patterns-sle11 (Important)	2021-05-04
oval:org.opensuse.security:def:11202	P	Security update for python-django-registration (Moderate)	2021-04-23
oval:org.opensuse.security:def:69630	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:10229	P	Security update for tomcat (Important)	2021-03-30
oval:org.opensuse.security:def:10221	P	Security update for python (Moderate)	2021-03-11
oval:org.opensuse.security:def:8706	P	Security update for salt (Critical)	2021-02-26
oval:org.opensuse.security:def:11180	P	Security update for mumble (Moderate)	2021-02-19
oval:org.opensuse.security:def:6459	P	Security update for the Linux Kernel (Important)	2021-02-09
oval:org.opensuse.security:def:10297	P	Security update for go1.14 (Moderate)	2021-01-26
oval:org.opensuse.security:def:8617	P	Security update for nodejs8 (Moderate)	2021-01-26
oval:org.opensuse.security:def:61732	P	e2fsprogs-1.43.8-4.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12872	P	e2fsprogs-1.43.8-3.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49030	P	libpolkit0-32bit-0.113-5.18.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116636	P	e2fsprogs-1.43.8-4.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71473	P	e2fsprogs-1.43.8-4.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:93699	P	e2fsprogs-1.43.8-4.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16716	P	e2fsprogs-devel-1.43.8-3.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107078	P	e2fsprogs-1.43.8-4.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3880	P	e2fsprogs-devel-1.43.8-3.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:37450	P	groff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36647	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6640	P	imobiledevice-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38174	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8542	P	vsftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37494	P	libXp6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36731	P	perl-LWP-Protocol-https on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6391	P	libjbig2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:7364	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36867	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6413	P	libpango-1_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49084	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66287	P	Security update for ffmpeg (Important)	2020-12-01
oval:org.opensuse.security:def:36968	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:72952	P	Security update for ffmpeg (Low)	2020-12-01
oval:org.opensuse.security:def:10453	P	hplip-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37025	P	strongswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6506	P	sblim-sfcb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8415	P	libmms0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10520	P	libmspack-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36635	P	libXfont1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10478	P	libXv-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66379	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37115	P	file on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6521	P	unixODBC on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:7342	P	cpio on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8461	P	libvncclient0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10529	P	libpcscspy0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37383	P	apache2-mod_perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6383	P	libgypsy0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37275	P	libyaml-0-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6540	P	xorg-x11-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38132	P	audiofile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8508	P	python-requests on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10542	P	libsmbclient-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37422	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36636	P	libXi6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37334	P	stunnel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6615	P	gnome-keyring on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73070	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8523	P	squid on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20204011	P	RHSA-2020:4011: e2fsprogs security and bug fix update (Moderate)	2020-09-29
oval:com.redhat.rhsa:def:20201913	P	RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate)	2020-04-28
oval:com.ubuntu.disco:def:201950940000000	V	CVE-2019-5094 on Ubuntu 19.04 (disco) - medium.	2019-09-24
oval:com.ubuntu.bionic:def:201950940000000	V	CVE-2019-5094 on Ubuntu 18.04 LTS (bionic) - medium.	2019-09-24
oval:com.ubuntu.xenial:def:201950940000000	V	CVE-2019-5094 on Ubuntu 16.04 LTS (xenial) - medium.	2019-09-24

BACK