Solution
Please install the updated packages.
Insight
The e2fsprogs packages contain a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second and third extended (ext2/ext3) file systems.
Multiple integer overflow flaws were found in the way e2fsprogs processes file system content. If a victim opens a carefully crafted file system with a program using e2fsprogs, it may be possible to execute arbitrary code with the permissions of the victim. It may be possible to leverage this flaw in a virtualized environment to gain access to other virtualized hosts. (CVE-2007-5497)
Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues.
Users of e2fsprogs are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.
Affected
e2fsprogs on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,
Red Hat Enterprise Linux ES version 2.1,
Red Hat Enterprise Linux WS version 2.1,
Red Hat Enterprise Linux AS version 3,
Red Hat Enterprise Linux ES version 3,
Red Hat Enterprise Linux WS version 3,
Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4,
Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2007-5497
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N