Gentoo Forums
[ GLSA 202105-03 ] GPT fdisk
GLSA
Advocate


Joined: 12 May 2004
Posts: 2663

Posted: Wed May 26, 2021 9:26 am    Post subject: [ GLSA 202105-03 ] GPT fdisk

Gentoo Linux Security Advisory

Title: GPT fdisk: Integer underflow (GLSA 202105-03)
Severity: normal
Exploitable: local
Date: 2021-05-26
Bug(s): #768762
ID: 202105-03

Synopsis

An integer underflow in sgdisk from the GPT fdisk package might allow
local attacker(s) to escalate privileges.


Background

GPT fdisk (consisting of the gdisk, cgdisk, sgdisk, and fixparts
programs) is a set of text-mode partitioning tools for Linux, FreeBSD,
Mac OS X, and Windows.


Affected Packages

Package: sys-apps/gptfdisk
Vulnerable: < 1.0.6
Unaffected: >= 1.0.6
Architectures: All supported architectures


Description

It was discovered that the ReadLogicalParts() function in basicmbr.cc
was missing a bounds check.


Impact

A local attacker could entice a user to insert a maliciously formatted
block device (a USB stick or SD card, for example) that, when processed
with sgdisk, could possibly result in local escalation of privileges or
a Denial of Service condition.


Workaround

There is no known workaround at this time.

Resolution

All GPT fdisk users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/gptfdisk-1.0.6"


References

CVE-2021-0308
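
The following is an added example, not part of the advisory: a shell check that classifies an installed sys-apps/gptfdisk against the vulnerable range given above (< 1.0.6). It assumes the `category/name-version` line format printed by `qlist -Iv` (portage-utils) and GNU `sort -V`; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: decide whether an installed sys-apps/gptfdisk falls in the
# GLSA 202105-03 vulnerable range (< 1.0.6).

FIXED_VERSION="1.0.6"   # first unaffected version per the advisory

# Extract the upstream version from a "category/name-version[-rN]" line,
# the format printed by `qlist -Iv` (assumed available from portage-utils).
# The Gentoo revision suffix (-rN) is dropped because the advisory's bound
# carries no revision.
atom_version() {
    printf '%s\n' "$1" | sed -n \
        's|^sys-apps/gptfdisk-\([0-9][0-9A-Za-z._]*\)\(-r[0-9][0-9]*\)\{0,1\}$|\1|p'
}

# Return 0 if version $1 sorts strictly before FIXED_VERSION, 1 otherwise.
# GNU sort -V is sufficient for plain dotted versions such as 1.0.5 or 1.0.10.
is_vulnerable() {
    [ "$1" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Classify one qlist-style line as "vulnerable", "unaffected" or
# "not-installed" (empty or unrecognised input).
classify() {
    ver=$(atom_version "$1")
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif is_vulnerable "$ver"; then
        echo "vulnerable"
    else
        echo "unaffected"
    fi
}

# On a real host: classify "$(qlist -Iv sys-apps/gptfdisk)"
# Constructed sample inputs so the example runs offline:
for line in "sys-apps/gptfdisk-1.0.5" "sys-apps/gptfdisk-1.0.5-r1" \
            "sys-apps/gptfdisk-1.0.6" ""; do
    printf '%-30s %s\n' "${line:-<no output>}" "$(classify "$line")"
done
```

Hosts reported as vulnerable need the upgrade from the Resolution section; the advisory lists no workaround.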
All times are GMT