Amazon Linux AMI update for e2fsprogs
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-5094 CVE-2019-5188 |
| CWE-ID | CWE-787 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU21329
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-5094
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the quota file functionality. A local user can send a specially crafted xt4 partition, trigger out-of-bounds write on the heap and execute arbitrary code on the target system.
Note: An attacker can corrupt a partition to trigger this vulnerability.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
e2fsprogs-static-1.43.5-2.44.amzn1.i686
libcom_err-devel-1.43.5-2.44.amzn1.i686
e2fsprogs-1.43.5-2.44.amzn1.i686
libss-1.43.5-2.44.amzn1.i686
e2fsprogs-libs-1.43.5-2.44.amzn1.i686
e2fsprogs-debuginfo-1.43.5-2.44.amzn1.i686
libcom_err-1.43.5-2.44.amzn1.i686
libss-devel-1.43.5-2.44.amzn1.i686
e2fsprogs-devel-1.43.5-2.44.amzn1.i686
src:
e2fsprogs-1.43.5-2.44.amzn1.src
x86_64:
e2fsprogs-1.43.5-2.44.amzn1.x86_64
e2fsprogs-libs-1.43.5-2.44.amzn1.x86_64
libcom_err-1.43.5-2.44.amzn1.x86_64
libcom_err-devel-1.43.5-2.44.amzn1.x86_64
libss-devel-1.43.5-2.44.amzn1.x86_64
libss-1.43.5-2.44.amzn1.x86_64
e2fsprogs-debuginfo-1.43.5-2.44.amzn1.x86_64
e2fsprogs-static-1.43.5-2.44.amzn1.x86_64
e2fsprogs-devel-1.43.5-2.44.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2021-1458.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Out-of-bounds write
EUVDB-ID: #VU24078
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-5188
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the directory rehashing functionality in "rehash.c" within the "mutate_name()" function. A local user can use a specially crafted ext4 directory, trigger out-of-bounds write on the stack and execute arbitrary code on the target system.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
e2fsprogs-static-1.43.5-2.44.amzn1.i686
libcom_err-devel-1.43.5-2.44.amzn1.i686
e2fsprogs-1.43.5-2.44.amzn1.i686
libss-1.43.5-2.44.amzn1.i686
e2fsprogs-libs-1.43.5-2.44.amzn1.i686
e2fsprogs-debuginfo-1.43.5-2.44.amzn1.i686
libcom_err-1.43.5-2.44.amzn1.i686
libss-devel-1.43.5-2.44.amzn1.i686
e2fsprogs-devel-1.43.5-2.44.amzn1.i686
src:
e2fsprogs-1.43.5-2.44.amzn1.src
x86_64:
e2fsprogs-1.43.5-2.44.amzn1.x86_64
e2fsprogs-libs-1.43.5-2.44.amzn1.x86_64
libcom_err-1.43.5-2.44.amzn1.x86_64
libcom_err-devel-1.43.5-2.44.amzn1.x86_64
libss-devel-1.43.5-2.44.amzn1.x86_64
libss-1.43.5-2.44.amzn1.x86_64
e2fsprogs-debuginfo-1.43.5-2.44.amzn1.x86_64
e2fsprogs-static-1.43.5-2.44.amzn1.x86_64
e2fsprogs-devel-1.43.5-2.44.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2021-1458.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
