First published: Wed Jan 08 2020(Updated: )
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Guardium | <=10.5 | |
IBM Security Guardium | <=10.6 | |
IBM Security Guardium | <=11.0 | |
IBM Security Guardium | <=11.1 | |
IBM Security Guardium | <=11.2 | |
IBM Security Guardium | <=11.3 | |
E2fsprogs Project E2fsprogs | >=1.43.3<=1.45.4 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
Canonical Ubuntu Linux | =19.10 | |
openSUSE Leap | =15.1 | |
IBM Cloud Pak for Business Automation | ||
Netapp Hci Compute Node | ||
IBM Cloud Pak for Business Automation |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-5188 is a code execution vulnerability in the directory rehashing functionality of E2fsprogs e2fsck 1.
IBM Security Guardium versions up to 11.3 are affected by CVE-2019-5188.
Yes, Debian Debian Linux versions 8.0 and 9.0 are impacted by CVE-2019-5188.
CVE-2019-5188 has a severity rating of 7.5 (high).
You can find more information about CVE-2019-5188 at the following references: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/174075), [Link 2](https://www.ibm.com/support/pages/node/6455281), [Link 3](http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html).