Bugzilla – Bug 980364
VUL-0: CVE-2015-8872: dosfstools: Off-by-2 error leading to corruption in FAT12
Last modified: 2018-02-15 15:35:58 UTC
rh#1336739

A vulnerability was found in dosfstools. In FAT12 two 12 bit entries are combined to a 24 bit value (three bytes). Therefore, when an even numbered FAT entry is set in FAT12, it must be combined with the following entry. To prevent accessing beyond the end of the FAT array, it must be checked that the cluster is not the last one.

Previously, the check tested that the requested cluster was equal to fs->clusters - 1. However, fs->clusters is the number of data clusters not including the two reserved FAT entries at the start so the test triggered two clusters early.

If the third to last entry was written on a FAT12 filesystem with an odd number of clusters, the second to last entry would be corrupted. This corruption may also lead to invalid memory accesses when the corrupted entry becomes out of bounds and is used later.

External references:
https://github.com/dosfstools/dosfstools/issues/12
https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html

Upstream fix:
https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1336739
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8872
http://seclists.org/oss-sec/2016/q2/343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8872

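The off-by-2 described above, as an added example that is not part of the bug report and is not dosfstools source: a simplified FAT12 read/write model with the boundary check written both ways. The function names, the `last` parameter, the 0xABC/0x123 values and the 7-cluster size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption, not dosfstools source): `clusters` counts
 * data clusters only, so valid FAT entries are 0 .. clusters + 1. */
static unsigned fat12_get(const uint8_t *fat, unsigned c)
{
    const uint8_t *p = fat + c * 3 / 2;
    return (c & 1) ? (p[0] >> 4) | (p[1] << 4)
                   : p[0] | ((p[1] & 0x0f) << 8);
}

/* Write entry c. `last` is the index the caller believes has no successor. */
static void fat12_set(uint8_t *fat, unsigned c, unsigned val, unsigned last)
{
    uint8_t *p = fat + c * 3 / 2;
    if (c & 1) {                       /* odd: shares p[0] with entry c-1 */
        p[0] = (uint8_t)(((val & 0x0f) << 4) | (p[0] & 0x0f));
        p[1] = (uint8_t)(val >> 4);
    } else {                           /* even: shares p[1] with entry c+1 */
        unsigned next = (c != last) ? fat12_get(fat, c + 1) : 0;
        p[0] = (uint8_t)(val & 0xff);
        p[1] = (uint8_t)(((val >> 8) & 0x0f) | ((next & 0x0f) << 4));
    }
}

/* Fill a FAT for `clusters` data clusters, rewrite the third-to-last entry,
 * and return the second-to-last entry as read back afterwards. */
static unsigned neighbour_after_write(unsigned clusters, int fixed)
{
    uint8_t fat[64];
    unsigned entries = clusters + 2;   /* two reserved entries at the start */
    unsigned last = fixed ? clusters + 1 : clusters - 1;
    memset(fat, 0, sizeof fat);
    for (unsigned c = 0; c < entries; c++)
        fat12_set(fat, c, 0xABC, entries - 1);  /* constructed content */
    fat12_set(fat, entries - 3, 0x123, last);
    return fat12_get(fat, entries - 2);
}

int main(void)
{
    printf("old check: 0x%03X\n", neighbour_after_write(7, 0)); /* 0xAB0 */
    printf("new check: 0x%03X\n", neighbour_after_write(7, 1)); /* 0xABC */
    return 0;
}
```

With an even number of data clusters the third-to-last entry is odd-numbered, takes the other branch, and the neighbouring entry is left intact under either check.
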
bugbot adjusting priority
SRs sent for SLE12, SLE11-SP4 and SLE11-SP2, also for 13.2 and Leap 42.1. Factory has version 4.0, which is not affected. Waiting for instructions for SLE11 and SLE10-SP3.
This is an autogenerated message for OBS integration: This bug (980364) was mentioned in https://build.opensuse.org/request/show/397723 13.2+42.1 / dosfstools
openSUSE-SU-2016:1461-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 912607,980364,980377
CVE References: CVE-2015-8872,CVE-2016-4804
Sources used:
openSUSE Leap 42.1 (src): dosfstools-3.0.26-6.1
openSUSE 13.2 (src): dosfstools-3.0.26-3.8.1

SUSE-SU-2016:2145-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 912607,980364,980377
CVE References: CVE-2015-8872,CVE-2016-4804
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src): dosfstools-3.0.26-6.5
SUSE Linux Enterprise Desktop 12-SP1 (src): dosfstools-3.0.26-6.5

SUSE-SU-2016:2146-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 980364,980377
CVE References: CVE-2015-8872,CVE-2016-4804
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src): dosfstools-3.0.26-3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): dosfstools-3.0.26-3.1

Submitted to SLE10. That is all from me, handing over to security.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-09-15. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63012
openSUSE-SU-2016:2233-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 912607,980364,980377
CVE References: CVE-2015-8872,CVE-2016-4804
Sources used:
openSUSE Leap 42.1 (src): dosfstools-3.0.26-9.1

released