4 messages in org.freebsd.freebsd-security:
Thomas Vogt, Mar 29, 2007 4:16 pm
Simon L. Nielsen, Mar 31, 2007 5:40 am
Gabor Kovesdan, Mar 31, 2007 11:28 am
Oliver Fromme, Apr 19, 2007 2:37 pm

Subject: Integer underflow in the "file" program before 4.20
From: Gabor Kovesdan (gab@FreeBSD.org)
Date: Mar 31, 2007 11:28:04 am
List: org.freebsd.freebsd-security

Simon L. Nielsen wrote:

On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 "Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."

Is FreeBSD 5.x/6.x affected too? It looks like the system has file 4.12. The port has 4.20.

Hey,

While I haven't confirmed FreeBSD is vulnerable, I assume that is the case. In any case, we (The FreeBSD Security Team) are working on this issue.

In any case, I'd also be happy to see the base file upgraded, since the current one has some known issues. E.g. it coredumps sometimes when used from amavisd-new, while the newer version from ports works well.

Gabor