Vulnerabilities discovered by a Cisco Talos researcher. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple code execution and information disclosure vulnerabilities in various functions of the F2FS toolset. F2FS is a filesystem toolset commonly found in embedded
devices that creates, verifies and/or fixes Flash-Friendly File System files. An attacker could provide a malicious file to the target to trigger these vulnerabilities, causing a variety of negative conditions for the target.

In accordance with Cisco’s coordinated disclosure policy, we are disclosing these vulnerabilities without an update from F2FS after the organization failed to meet the 90-day deadline.

Vulnerability details

F2fs-Tools F2fs.Fsck filesystem checking information disclosure vulnerability (TALOS-2020-1046/CVE-2020-6104)

An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in the disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

F2fs-Tools F2fs.Fsck multiple devices code execution vulnerability (TALOS-2020-1047/CVE-2020-6105)

An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

F2fs-Tools F2fs.Fsck init_node_manager information disclosure vulnerability (TALOS-2020-1048/CVE-2020-6106)

An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

F2fs-Tools F2fs.Fsck dev_read information disclosure vulnerability (TALOS-2020-1049/CVE-2020-6107)

An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

F2fs-Tools F2fs.Fsck multiple devices code execution vulnerability (TALOS-2020-1050/CVE-2020-6108)

An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that this vulnerability affects version 1.13.0 of F2fs-Tools. TALOS-2020-1048 also affects version 1.12.0.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53684, 53685, 53729 - 53732