Integer underflow in the "file" program before 4.20
Thomas Vogt
thomas at bsdunix.ch
Thu Mar 29 14:46:10 UTC 2007
Hello
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
"Integer underflow in the file_printf function in the "file" program
before 4.20 allows user-assisted attackers to execute arbitrary code via
a file that triggers a heap-based buffer overflow."
Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The
port has 4.20.
Regards,
Thomas
--
Terry Lambert:
"It is not unix's job to stop you from shooting your foot. If you so
choose to do so, then it is UNIX's job to deliver Mr. Bullet to Mr Foot
in the most efficient way it knows."
More information about the freebsd-security
mailing list