CVE-2015-0247
Description
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap buffer overflow in libext2fs' openfs.c allows local users to execute arbitrary code via a crafted filesystem image.
Vulnerability
A heap-based buffer overflow exists in the openfs.c file of the libext2fs library in e2fsprogs before version 1.42.12. The flaw occurs when processing block group descriptor data without a proper boundary check on first_meta_bg. An attacker can trigger the overflow by supplying a specially crafted filesystem image [1][2][3].
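A triage check for untrusted images, added here as an example and not taken from e2fsprogs or from this CVE's references. It reads the superblock and flags an `s_first_meta_bg` value larger than the number of group descriptor blocks the image's own geometry implies. That bound, the function names and the sample superblock are assumptions of this example; the field offsets follow the standard ext2/3/4 superblock layout.

```python
import struct

EXT_MAGIC = 0xEF53
INCOMPAT_META_BG = 0x0010   # s_first_meta_bg is only meaningful with this feature
INCOMPAT_64BIT = 0x0080     # descriptor size then comes from s_desc_size

def check_first_meta_bg(sb: bytes) -> str:
    """Classify a 1024-byte ext2/3/4 superblock (stored at image offset 1024)."""
    if len(sb) < 264:
        return "truncated"
    if struct.unpack_from("<H", sb, 0x38)[0] != EXT_MAGIC:
        return "not-ext"
    blocks_count = struct.unpack_from("<I", sb, 0x04)[0]  # low 32 bits only
    first_data_block, log_block_size = struct.unpack_from("<II", sb, 0x14)
    blocks_per_group = struct.unpack_from("<I", sb, 0x20)[0]
    incompat = struct.unpack_from("<I", sb, 0x60)[0]
    desc_size = struct.unpack_from("<H", sb, 0xFE)[0]
    first_meta_bg = struct.unpack_from("<I", sb, 0x104)[0]

    if log_block_size > 6 or blocks_per_group == 0 or blocks_count <= first_data_block:
        return "bad-geometry"
    block_size = 1024 << log_block_size
    dsize = desc_size if incompat & INCOMPAT_64BIT else 32
    if dsize < 32 or dsize > block_size:
        return "bad-geometry"
    # Ceiling divisions: block groups, then blocks needed to hold their descriptors.
    groups = -(-(blocks_count - first_data_block) // blocks_per_group)
    desc_blocks = -(-groups // (block_size // dsize))
    if incompat & INCOMPAT_META_BG and first_meta_bg > desc_blocks:
        return "suspicious: s_first_meta_bg=%d > %d descriptor blocks" % (
            first_meta_bg, desc_blocks)
    return "ok"

def check_image(path: str) -> str:
    """Run the check on an image file without handing it to libext2fs."""
    with open(path, "rb") as f:
        f.seek(1024)
        return check_first_meta_bg(f.read(1024))

def constructed_superblock(first_meta_bg: int, incompat: int = INCOMPAT_META_BG) -> bytes:
    """Constructed sample: 1 KiB blocks, 8 groups of 8192 blocks, 1 descriptor block."""
    sb = bytearray(1024)
    struct.pack_into("<I", sb, 0x04, 65537)     # s_blocks_count
    struct.pack_into("<II", sb, 0x14, 1, 0)     # s_first_data_block, s_log_block_size
    struct.pack_into("<I", sb, 0x20, 8192)      # s_blocks_per_group
    struct.pack_into("<H", sb, 0x38, EXT_MAGIC)
    struct.pack_into("<I", sb, 0x60, incompat)  # s_feature_incompat
    struct.pack_into("<I", sb, 0x104, first_meta_bg)
    return bytes(sb)
```

The check ignores the high 32 bits of the block count, so very large 64-bit filesystems need that field added before the result can be trusted.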
Exploitation
An attacker needs only local access to the system and the ability to present a malicious filesystem image to an affected utility (e.g., e2fsck, mount, or debugfs). No special privileges are required beyond local user access. When the utility opens the crafted image, the code path that lacks the boundary check writes data beyond the allocated heap buffer [1][2].
Impact
Successful exploitation allows the attacker to corrupt heap memory, potentially leading to arbitrary code execution. Since many e2fsprogs utilities run with root privileges when repairing or mounting filesystems, this can result in full privilege escalation and compromise of the affected system [1][2][3].
Mitigation
The vulnerability was fixed in e2fsprogs version 1.42.12. Distributions such as Ubuntu and Mageia have released updated packages (e.g., Ubuntu via USN-2507-1 on 23 February 2015, Mageia via MGASA-2015-0061 on 11 February 2015) [2][3]. Users should upgrade to the patched version or apply the relevant security update from their vendor. Red Hat classified the bug as WONTFIX in some products [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- Range: <1.42.12
- osv-coords (5 versions):
  - pkg:rpm/suse/e2fsprogs&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/e2fsprogs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
  - pkg:rpm/suse/e2fsprogs&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/e2fsprogs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/e2fsprogs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
- (no CPE) range: < 1.42.11-7.1
- (no CPE) range: < 1.43.8-4.3.1
- (no CPE) range: < 1.42.11-7.1
- (no CPE) range: < 1.42.11-7.1
- (no CPE) range: < 1.42.11-7.1
References
- www.ocert.org/advisories/ocert-2015-002.html (nvd, US Government Resource)
- advisories.mageia.org/MGASA-2015-0061.html (nvd)
- git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/ (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html (nvd)
- lists.opensuse.org/opensuse-updates/2015-06/msg00010.html (nvd)
- packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html (nvd)
- www.debian.org/security/2015/dsa-3166 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.securityfocus.com/archive/1/534633/100/0/threaded (nvd)
- www.securityfocus.com/bid/72520 (nvd)
- www.ubuntu.com/usn/USN-2507-1 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/100740 (nvd)
- security.gentoo.org/glsa/201701-06 (nvd)