e2fsprogs: arbitrary code execution

ID ASA-201503-8
Type archlinux
Reporter Arch Linux
Modified 2015-03-12T00:00:00


If a corrupted file system didn't trip over some corruption check, and the file system was then modified via tune2fs or debugfs such that the superblock was marked dirty and then written out via the closefs() path, a buffer overrun could be triggered when the file system is closed. This issue can lead to arbitrary code execution if a malicious device is plugged in and the mounting process chooses to run fsck (or another application using the ext2fs library) on the device's malicious file system.