Vulnerability-Lookup

CVE-2015-8872 (GCVE-0-2015-8872)

Vulnerability from cvelistv5 – Published: 2016-06-03 14:00 – Updated: 2024-08-06 08:29

Summary

The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CNVD-2016-03346

Vulnerability from cnvd - Published: 2016-05-19

Title

dosfstools内存泄露漏洞

Description

dosfstools是一套开源的命令行实用程序，它支持用户能够方便快捷地创建标签和检查GNU/Linux操作系统中的MS-DOS FAT文件系统等。 dosfstools的‘set_fat()’函数中存在安全漏洞，该漏洞源于程序中存在off-by-2错误。攻击者可利用该漏洞造成数据破坏和无效的内存访问。

Severity

中

Patch Name

dosfstools内存泄露漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://github.com/dosfstools/dosfstools

Reference

http://www.openwall.com/lists/oss-security/2016/05/14/1

Impacted products

Name
dosfstools dosfstools

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-8872"
    }
  },
  "description": "dosfstools\u662f\u4e00\u5957\u5f00\u6e90\u7684\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u5b83\u652f\u6301\u7528\u6237\u80fd\u591f\u65b9\u4fbf\u5feb\u6377\u5730\u521b\u5efa\u6807\u7b7e\u548c\u68c0\u67e5GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u7684MS-DOS FAT\u6587\u4ef6\u7cfb\u7edf\u7b49\u3002\r\n\r\ndosfstools\u7684\u2018set_fat()\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4e2d\u5b58\u5728off-by-2\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u6570\u636e\u7834\u574f\u548c\u65e0\u6548\u7684\u5185\u5b58\u8bbf\u95ee\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://github.com/dosfstools/dosfstools",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03346",
  "openTime": "2016-05-19",
  "patchDescription": "dosfstools\u662f\u4e00\u5957\u5f00\u6e90\u7684\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u5b83\u652f\u6301\u7528\u6237\u80fd\u591f\u65b9\u4fbf\u5feb\u6377\u5730\u521b\u5efa\u6807\u7b7e\u548c\u68c0\u67e5GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u7684MS-DOS FAT\u6587\u4ef6\u7cfb\u7edf\u7b49\u3002\r\n\r\ndosfstools\u7684\u2018set_fat()\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4e2d\u5b58\u5728off-by-2\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u6570\u636e\u7834\u574f\u548c\u65e0\u6548\u7684\u5185\u5b58\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "dosfstools\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "dosfstools dosfstools"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2016/05/14/1",
  "serverity": "\u4e2d",
  "submitTime": "2016-05-17",
  "title": "dosfstools\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e"
}

GSD-2015-8872

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-8872

Aliases

CVE-2015-8872

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-8872",
    "description": "The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\"",
    "id": "GSD-2015-8872",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-8872.html",
      "https://ubuntu.com/security/CVE-2015-8872",
      "https://advisories.mageia.org/CVE-2015-8872.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-8872"
      ],
      "details": "The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\"",
      "id": "GSD-2015-8872",
      "modified": "2023-12-13T01:20:03.904651Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-8872",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "openSUSE-SU-2016:1461",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html"
          },
          {
            "name": "https://github.com/dosfstools/dosfstools/releases/tag/v4.0",
            "refsource": "CONFIRM",
            "url": "https://github.com/dosfstools/dosfstools/releases/tag/v4.0"
          },
          {
            "name": "https://github.com/dosfstools/dosfstools/issues/12",
            "refsource": "CONFIRM",
            "url": "https://github.com/dosfstools/dosfstools/issues/12"
          },
          {
            "name": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html",
            "refsource": "MISC",
            "url": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html"
          },
          {
            "name": "USN-2986-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2986-1"
          },
          {
            "name": "https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7",
            "refsource": "CONFIRM",
            "url": "https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7"
          },
          {
            "name": "openSUSE-SU-2016:2233",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html"
          },
          {
            "name": "90311",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/90311"
          },
          {
            "name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dosfstools_project:dosfstools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.28",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8872"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2986-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2986-1"
            },
            {
              "name": "https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7"
            },
            {
              "name": "openSUSE-SU-2016:1461",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html"
            },
            {
              "name": "https://github.com/dosfstools/dosfstools/releases/tag/v4.0",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/dosfstools/dosfstools/releases/tag/v4.0"
            },
            {
              "name": "https://github.com/dosfstools/dosfstools/issues/12",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://github.com/dosfstools/dosfstools/issues/12"
            },
            {
              "name": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html"
            },
            {
              "name": "openSUSE-SU-2016:2233",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html"
            },
            {
              "name": "90311",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/90311"
            },
            {
              "name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-05-30T18:15Z",
      "publishedDate": "2016-06-03T14:59Z"
    }
  }
}

GHSA-2VWW-49J7-CHWM

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26

Details

Severity ?

6.2 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-8872"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-06-03T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\"",
  "id": "GHSA-2vww-49j7-chwm",
  "modified": "2022-05-13T01:26:12Z",
  "published": "2022-05-13T01:26:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8872"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dosfstools/dosfstools/issues/12"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7"
    },
    {
      "type": "WEB",
      "url": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dosfstools/dosfstools/releases/tag/v4.0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/90311"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2986-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

SUSE-SU-2016:2145-1

Vulnerability from csaf_suse - Published: 2016-08-24 11:55 - Updated: 2016-08-24 11:55

Summary

Security update for dosfstools

Notes

Title of the patch

Security update for dosfstools

Description of the patch

dosfstools was updated to fix two security issues. These security issues were fixed: - CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an 'off-by-two error (bsc#980364). - CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function (bsc#980377). This non-security issue was fixed: - bsc#912607: Attempt to rename root dir in fsck due to uninitialized fields.

Patchnames

SUSE-SLE-DESKTOP-12-SP1-2016-1263,SUSE-SLE-SERVER-12-SP1-2016-1263

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for dosfstools",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "dosfstools was updated to fix two security issues.\n\nThese security issues were fixed:\n- CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \u0027off-by-two error (bsc#980364).\n- CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function (bsc#980377).\n\nThis non-security issue was fixed:\n- bsc#912607: Attempt to rename root dir in fsck due to uninitialized fields.\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP1-2016-1263,SUSE-SLE-SERVER-12-SP1-2016-1263",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2145-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:2145-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162145-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:2145-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002224.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 912607",
        "url": "https://bugzilla.suse.com/912607"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980364",
        "url": "https://bugzilla.suse.com/980364"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980377",
        "url": "https://bugzilla.suse.com/980377"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8872 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8872/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-4804 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-4804/"
      }
    ],
    "title": "Security update for dosfstools",
    "tracking": {
      "current_release_date": "2016-08-24T11:55:45Z",
      "generator": {
        "date": "2016-08-24T11:55:45Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:2145-1",
      "initial_release_date": "2016-08-24T11:55:45Z",
      "revision_history": [
        {
          "date": "2016-08-24T11:55:45Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dosfstools-3.0.26-6.5.ppc64le",
                "product": {
                  "name": "dosfstools-3.0.26-6.5.ppc64le",
                  "product_id": "dosfstools-3.0.26-6.5.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dosfstools-3.0.26-6.5.s390x",
                "product": {
                  "name": "dosfstools-3.0.26-6.5.s390x",
                  "product_id": "dosfstools-3.0.26-6.5.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dosfstools-3.0.26-6.5.x86_64",
                "product": {
                  "name": "dosfstools-3.0.26-6.5.x86_64",
                  "product_id": "dosfstools-3.0.26-6.5.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-6.5.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:dosfstools-3.0.26-6.5.x86_64"
        },
        "product_reference": "dosfstools-3.0.26-6.5.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-6.5.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.ppc64le"
        },
        "product_reference": "dosfstools-3.0.26-6.5.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-6.5.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.s390x"
        },
        "product_reference": "dosfstools-3.0.26-6.5.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-6.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.x86_64"
        },
        "product_reference": "dosfstools-3.0.26-6.5.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-6.5.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.ppc64le"
        },
        "product_reference": "dosfstools-3.0.26-6.5.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-6.5.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.s390x"
        },
        "product_reference": "dosfstools-3.0.26-6.5.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-6.5.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.x86_64"
        },
        "product_reference": "dosfstools-3.0.26-6.5.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8872",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8872"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:dosfstools-3.0.26-6.5.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.s390x",
          "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8872",
          "url": "https://www.suse.com/security/cve/CVE-2015-8872"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980364 for CVE-2015-8872",
          "url": "https://bugzilla.suse.com/980364"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:dosfstools-3.0.26-6.5.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.s390x",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:dosfstools-3.0.26-6.5.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.s390x",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-24T11:55:45Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8872"
    },
    {
      "cve": "CVE-2016-4804",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-4804"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:dosfstools-3.0.26-6.5.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.s390x",
          "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-4804",
          "url": "https://www.suse.com/security/cve/CVE-2016-4804"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980364 for CVE-2016-4804",
          "url": "https://bugzilla.suse.com/980364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980377 for CVE-2016-4804",
          "url": "https://bugzilla.suse.com/980377"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:dosfstools-3.0.26-6.5.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.s390x",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:dosfstools-3.0.26-6.5.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.s390x",
            "SUSE Linux Enterprise Server 12 SP1:dosfstools-3.0.26-6.5.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:dosfstools-3.0.26-6.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-24T11:55:45Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-4804"
    }
  ]
}

SUSE-SU-2016:2146-1

Vulnerability from csaf_suse - Published: 2016-08-24 11:55 - Updated: 2016-08-24 11:55

Summary

Security update for dosfstools

Notes

Title of the patch

Security update for dosfstools

Description of the patch

Patchnames

slessp4-dosfstools-12706

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for dosfstools",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "dosfstools was updated to fix two security issues.\n\nThese security issues were fixed:\n- CVE-2015-8872: The set_fat function in fat.c in dosfstools might have allowed attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \u0027off-by-two error (bsc#980364).\n- CVE-2016-4804: The read_boot function in boot.c in dosfstools allowed attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function (bsc#980377).\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slessp4-dosfstools-12706",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2146-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:2146-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162146-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:2146-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002225.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980364",
        "url": "https://bugzilla.suse.com/980364"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980377",
        "url": "https://bugzilla.suse.com/980377"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8872 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8872/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-4804 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-4804/"
      }
    ],
    "title": "Security update for dosfstools",
    "tracking": {
      "current_release_date": "2016-08-24T11:55:12Z",
      "generator": {
        "date": "2016-08-24T11:55:12Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:2146-1",
      "initial_release_date": "2016-08-24T11:55:12Z",
      "revision_history": [
        {
          "date": "2016-08-24T11:55:12Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dosfstools-3.0.26-3.1.i586",
                "product": {
                  "name": "dosfstools-3.0.26-3.1.i586",
                  "product_id": "dosfstools-3.0.26-3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dosfstools-3.0.26-3.1.ia64",
                "product": {
                  "name": "dosfstools-3.0.26-3.1.ia64",
                  "product_id": "dosfstools-3.0.26-3.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dosfstools-3.0.26-3.1.ppc64",
                "product": {
                  "name": "dosfstools-3.0.26-3.1.ppc64",
                  "product_id": "dosfstools-3.0.26-3.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dosfstools-3.0.26-3.1.s390x",
                "product": {
                  "name": "dosfstools-3.0.26-3.1.s390x",
                  "product_id": "dosfstools-3.0.26-3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dosfstools-3.0.26-3.1.x86_64",
                "product": {
                  "name": "dosfstools-3.0.26-3.1.x86_64",
                  "product_id": "dosfstools-3.0.26-3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.i586"
        },
        "product_reference": "dosfstools-3.0.26-3.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ia64"
        },
        "product_reference": "dosfstools-3.0.26-3.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ppc64"
        },
        "product_reference": "dosfstools-3.0.26-3.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.s390x"
        },
        "product_reference": "dosfstools-3.0.26-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.x86_64"
        },
        "product_reference": "dosfstools-3.0.26-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.i586"
        },
        "product_reference": "dosfstools-3.0.26-3.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ia64"
        },
        "product_reference": "dosfstools-3.0.26-3.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ppc64"
        },
        "product_reference": "dosfstools-3.0.26-3.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.s390x"
        },
        "product_reference": "dosfstools-3.0.26-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dosfstools-3.0.26-3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.x86_64"
        },
        "product_reference": "dosfstools-3.0.26-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8872",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8872"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8872",
          "url": "https://www.suse.com/security/cve/CVE-2015-8872"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980364 for CVE-2015-8872",
          "url": "https://bugzilla.suse.com/980364"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-24T11:55:12Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8872"
    },
    {
      "cve": "CVE-2016-4804",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-4804"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-4804",
          "url": "https://www.suse.com/security/cve/CVE-2016-4804"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980364 for CVE-2016-4804",
          "url": "https://bugzilla.suse.com/980364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980377 for CVE-2016-4804",
          "url": "https://bugzilla.suse.com/980377"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:dosfstools-3.0.26-3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:dosfstools-3.0.26-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-24T11:55:12Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-4804"
    }
  ]
}

FKIE_CVE-2015-8872

Vulnerability from fkie_nvd - Published: 2016-06-03 14:59 - Updated: 2025-04-12 10:46

Severity ?

6.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html
cve@mitre.org	http://www.securityfocus.com/bid/90311
cve@mitre.org	http://www.ubuntu.com/usn/USN-2986-1
cve@mitre.org	https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html	Vendor Advisory
cve@mitre.org	https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
cve@mitre.org	https://github.com/dosfstools/dosfstools/issues/12	Vendor Advisory
cve@mitre.org	https://github.com/dosfstools/dosfstools/releases/tag/v4.0	Patch
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/90311
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2986-1
af854a3a-2127-422b-91ae-364da2661108	https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dosfstools/dosfstools/issues/12	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dosfstools/dosfstools/releases/tag/v4.0	Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html

Impacted products

Vendor	Product	Version
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.10
canonical	ubuntu_linux	16.04
opensuse	leap	42.1
opensuse	opensuse	13.2
dosfstools_project	dosfstools	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dosfstools_project:dosfstools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A02C944-1F02-4007-B4C2-E4751D47AE17",
              "versionEndIncluding": "3.0.28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an \"off-by-two error.\""
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n set_fat en fat.c en dosfstools en versiones anteriores a 4.0 podr\u00eda permitir a atacantes corromper un sistema de archivos FAT12 o provocar una denegaci\u00f3n de servicio (lectura de memoria no v\u00e1lida y ca\u00edda) escribiendo un n\u00famero impar de clusters desde la tercera a la \u00faltima entrada en un sistema de archivos FAT12, lo que desencadena un \"off-by-two error\"."
    }
  ],
  "id": "CVE-2015-8872",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-03T14:59:00.123",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/90311"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2986-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/dosfstools/dosfstools/issues/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/dosfstools/dosfstools/releases/tag/v4.0"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/90311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2986-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/dosfstools/dosfstools/issues/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/dosfstools/dosfstools/releases/tag/v4.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-8872 (GCVE-0-2015-8872)

CNVD-2016-03346

GSD-2015-8872

GHSA-2VWW-49J7-CHWM

SUSE-SU-2016:2145-1

SUSE-SU-2016:2146-1

FKIE_CVE-2015-8872

Tags

Sightings

Nomenclature