CVE-2019-5094: High severity IBM InfoSphere Guardium z/OS vulnerability
Published Sep 24, 2019
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
Other sources
E2fsprogs could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the quota file functionality. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
— IBM
Affected Software
21 affected components
Fixes available
debian/e2fsprogs <=1.44.5-1, <=1.43.4-2, <=1.44.5-1+deb10u1
1.45.4-1, 1.44.5-1+deb10u2, 1.43.4-2+deb9u1
IBM Security Guardium <=10.5
IBM Security Guardium <=10.6
IBM Security Guardium <=11.0
IBM Security Guardium <=11.1
IBM Security Guardium <=11.2
IBM Security Guardium <=11.3
E2fsprogs Project E2fsprogs >=1.43.3, <=1.45.3
Debian Debian Linux =8.0
Debian Debian Linux =9.0
Debian Debian Linux =10.0
Fedoraproject Fedora =30
Fedoraproject Fedora =31
Canonical Ubuntu Linux =12.04
Canonical Ubuntu Linux =14.04
Canonical Ubuntu Linux =16.04
Canonical Ubuntu Linux =18.04
Canonical Ubuntu Linux =19.04
NetApp Hci Management Node
NetApp Solidfire
debian/e2fsprogs
1.46.2-2, 1.46.2-2+deb11u1, 1.47.0-2, 1.47.2-1, 1.47.2-3
Remediation
Event History
Sep 24, 2019
CVE Published
via MITRE · 09:21 PM
Data Sourced
via MITRE · 09:21 PM
Description, Severity, Weakness
Aug 8, 2024
Data Sourced
via Launchpad · 07:59 PM
Description
Sep 13, 2024
Data Sourced
via Ubuntu · 08:05 PM
Remedy, Description, Severity, Affected Software
Jun 15, 2025
Data Sourced
via Debian · 07:24 PM
Description, Affected Software