Vulnerability Details CVE-2015-1572
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.8%
CVSS Severity
CVSS v2 Score 4.6
References
- http://advisories.mageia.org/MGASA-2015-0088.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html
- http://www.debian.org/security/2015/dsa-3166
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:067
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:068
- http://www.securityfocus.com/bid/72709
- http://www.ubuntu.com/usn/USN-2507-1
- https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
- https://security.gentoo.org/glsa/201507-22
- http://advisories.mageia.org/MGASA-2015-0088.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html
- http://www.debian.org/security/2015/dsa-3166
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:067
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:068
- http://www.securityfocus.com/bid/72709
- http://www.ubuntu.com/usn/USN-2507-1
- https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
- https://security.gentoo.org/glsa/201507-22
Products affected by CVE-2015-1572
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.3b
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.3c
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.3d
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.4
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.4a
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.5
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.5a
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.5b
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:0.5c
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.01
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.02
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.03
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.04
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.05
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.06
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.07
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.08
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.09
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.10
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.12
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.13
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.14
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.15
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.16
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.17
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.18
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.19
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.20
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.21
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.22
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.23
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.24
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.24a
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.25
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.26
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.27
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.28
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.29
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.30
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.31
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.32
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.33
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.34
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.35
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.36
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.37
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.38
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.39
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.1
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.10
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.11
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.2
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.3
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.4
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.5
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.6
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.7
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.8
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.40.9
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.0
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.1
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.10
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.11
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.12
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.13
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.14
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.2
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.3
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.4
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.5
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.6
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.7
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.8
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.41.9
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.1
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.10
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.11
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.2
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.3
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.4
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.5
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.6
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.7
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.8
-
cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.42.9
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.10
-
cpe:2.3:o:debian:debian_linux:7.0