e2fsprogs -- buffer overflow if s_first_meta_bg too big

2014-08-09T00:00:00
ID 0F488B7B-BBB9-11E4-903C-080027EF73EC
Type freebsd
Reporter FreeBSD
Modified 2014-08-09T00:00:00

Description

Theodore Ts'o reports:

If s_first_meta_bg is greater than the of number block group descriptor blocks, then reading or writing the block group descriptors will end up overruning the memory buffer allocated for the descriptors. The finding is credited to a vulnerability report from Jose Duart of Google Security Team <jduart AT google.com> and was reported through oCERT-2015-002.