Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2016.2146.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2016:2146-1)
Summary:The remote host is missing an update for the 'dosfstools' package(s) announced via the SUSE-SU-2016:2146-1 advisory.
Description:Summary:
The remote host is missing an update for the 'dosfstools' package(s) announced via the SUSE-SU-2016:2146-1 advisory.

Vulnerability Insight:
dosfstools was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-8872: The set_fat function in fat.c in dosfstools might have
allowed attackers to corrupt a FAT12 filesystem or cause a denial of
service (invalid memory read and crash) by writing an odd number of
clusters to the third to last entry on a FAT12 filesystem, which
triggers an 'off-by-two error (bsc#980364).
- CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed
attackers to cause a denial of service (crash) via a crafted filesystem,
which triggers a heap-based buffer overflow in the (1) read_fat function
or an out-of-bounds heap read in (2) get_fat function (bsc#980377).

Affected Software/OS:
'dosfstools' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-8872
BugTraq ID: 90311
http://www.securityfocus.com/bid/90311
https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html
SuSE Security Announcement: openSUSE-SU-2016:1461 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html
SuSE Security Announcement: openSUSE-SU-2016:2233 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html
http://www.ubuntu.com/usn/USN-2986-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-4804
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.