On Wed, 18 Jul 2018 at 05:02:06 +0200 Alessandro Selli <alessandrose...@linux.com> wrote:
> On Wed, 18 Jul 2018 at 03:21:14 +0200
> Adam Borowski <kilob...@angband.pl> wrote:
>
>> On Tue, Jul 17, 2018 at 05:24:11PM -0700, Rick Moen wrote:
>>> Quoting Adam Borowski (kilob...@angband.pl):
>>>
>>>> Then there are local exploits. Ted Ts'o for example keeps fuzzing
>>>> ext4 for years yet exploitable bugs still pop up frequently -- usually
>>>> just DoS but arbitrary code execution isn't unheard of.
>>>
>>> I've read a lot of e2fsprogs CVEs, and cannot recall any ever having
>>> been _proved exploitable_ to allow arbitrary code execution. In a
>>> number of cases, there have been bugs, generally buffer overflows, that
>>> in theory could _possibly_ lead to arbitrary code execution that in
>>> theory might exploit privileged code such as e2fsprogs mount code, thus
>>> in theory possibly supporting privilege escalation.
>>
>> I'm talking about kernel not progs, and those don't get issued CVEs.
>
> A 5 secs search for "linux kernel CVE" disagrees with you:
> https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33
>
> Why on Earth would ever a kernel vulnerability not be issued a CVE?

All right, on second reading I think I misunderstood you: you mean
e2fsprogs do not get CVEs. Well, it's still wrong, a 5 secs search for
"linux e2fsprogs CVE" disagrees with you:

https://www.suse.com/security/cve/CVE-2015-1572/

"Description

Heap-based buffer overflow in closefs.c in the libext2fs library in
e2fsprogs before 1.42.12 allows local users to execute arbitrary code by
causing a crafted block group descriptor to be marked as dirty."

Regards,

Alessandro