
Test ID: 1.3.6.1.4.1.25623.1.0.59975
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-555-1 (e2fsprogs)
Summary: NOSUMMARY
Description:

The remote host is missing an update to e2fsprogs
announced via advisory USN-555-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a
user or automated system were tricked into fscking a malicious ext2/ext3
filesystem, a remote attacker could execute arbitrary code with the user's
privileges.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
e2fslibs 1.38-2ubuntu2.1

Ubuntu 6.10:
e2fslibs 1.39-1ubuntu0.1

Ubuntu 7.04:
e2fslibs 1.39+1.40-WIP-2006.11.14+dfsg-2ubuntu1.1

Ubuntu 7.10:
e2fslibs 1.40.2-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-555-1

Risk factor: High

CVSS Score: 5.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5497
1019537
http://www.securitytracker.com/id?1019537
20080212 FLEA-2008-0005-1 e2fsprogs
http://www.securityfocus.com/archive/1/487999/100/0/threaded
20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package
http://www.securityfocus.com/archive/1/489082/100/0/threaded
26772
http://www.securityfocus.com/bid/26772
27889
http://secunia.com/advisories/27889
27965
http://secunia.com/advisories/27965
27987
http://secunia.com/advisories/27987
28000
http://secunia.com/advisories/28000
28030
http://secunia.com/advisories/28030
28042
http://secunia.com/advisories/28042
28360
http://secunia.com/advisories/28360
28541
http://secunia.com/advisories/28541
28648
http://secunia.com/advisories/28648
29224
http://secunia.com/advisories/29224
32774
http://secunia.com/advisories/32774
40551
http://secunia.com/advisories/40551
ADV-2007-4135
http://www.vupen.com/english/advisories/2007/4135
ADV-2008-0761
http://www.vupen.com/english/advisories/2008/0761
ADV-2010-1796
http://www.vupen.com/english/advisories/2010/1796
DSA-1422
http://www.debian.org/security/2007/dsa-1422
FEDORA-2007-4447
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00618.html
FEDORA-2007-4461
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00629.html
HPSBMA02554
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
MDKSA-2007:242
http://www.mandriva.com/security/advisories?name=MDKSA-2007:242
RHSA-2008:0003
http://www.redhat.com/support/errata/RHSA-2008-0003.html
SSRT100018
SUSE-SR:2007:025
http://www.novell.com/linux/security/advisories/2007_25_sr.html
USN-555-1
http://www.ubuntu.com/usn/usn-555-1
[Security-announce] 20080303 VMSA-2008-0004 Low: Updated e2fsprogs service console package
http://lists.vmware.com/pipermail/security-announce/2008/000007.html
e2fsprogs-libext2fs-integer-overflow(38903)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38903
http://sourceforge.net/project/shownotes.php?release_id=560230&group_id=2406
http://support.avaya.com/elmodocs2/security/ASA-2008-040.htm
http://support.citrix.com/article/CTX118766
http://wiki.rpath.com/Advisories:rPSA-2007-0262
http://www.vmware.com/security/advisories/VMSA-2008-0004.html
https://issues.rpath.com/browse/RPL-2011
oval:org.mitre.oval:def:10399
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10399
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.