On Wed, 18 Jul 2018 at 05:02:06 +0200
Alessandro Selli <alessandroselli@???> wrote:
> On Wed, 18 Jul 2018 at 03:21:14 +0200
> Adam Borowski <kilobyte@???> wrote:
>
>> On Tue, Jul 17, 2018 at 05:24:11PM -0700, Rick Moen wrote:
>>> Quoting Adam Borowski (kilobyte@???):
>>>
>>>> Then there are local exploits. Ted Ts'o, for example, has been fuzzing
>>>> ext4 for years, yet exploitable bugs still pop up frequently -- usually
>>>> just DoS, but arbitrary code execution isn't unheard of.
>>>
>>> I've read a lot of e2fsprogs CVEs, and cannot recall any ever having
>>> been _proved exploitable_ to allow arbitrary code execution. In a
>>> number of cases, there have been bugs, generally buffer overflows, that
>>> in theory could _possibly_ lead to arbitrary code execution that in
>>> theory might exploit privileged code such as e2fsprogs mount code, thus
>>> in theory possibly supporting privilege escalation.
>>
>> I'm talking about kernel not progs, and those don't get issued CVEs.
>
> A 5-second search for "linux kernel CVE" disagrees with you:
> https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33
>
> Why on Earth would a kernel vulnerability ever not be issued a CVE?
All right, on second reading I think I misunderstood you: you mean
e2fsprogs do not get CVEs.
Well, it's still wrong; a 5-second search for "linux e2fsprogs CVE" disagrees
with you:
https://www.suse.com/security/cve/CVE-2015-1572/
"Description
Heap-based buffer overflow in closefs.c in the libext2fs library in
e2fsprogs before 1.42.12 allows local users to execute arbitrary code
by causing a crafted block group descriptor to be marked as dirty."
Regards,
Alessandro