Summary
The remote host is missing an update to e2fsprogs announced via advisory DSA 1422-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201422-1
Insight
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in version 1.39+1.40-WIP-2006.11.14+dfsg-2etch1.
For the unstable distribution (sid), this problem will be fixed shortly.
We recommend that you upgrade your e2fsprogs package.
Severity
Classification
CVE: CVE-2007-5497
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N