Integer underflow in the "file" program before 4.20
Simon L. Nielsen
simon at FreeBSD.org
Sat Mar 31 05:41:08 UTC 2007
On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
> "Integer underflow in the file_printf function in the "file" program
> before 4.20 allows user-assisted attackers to execute arbitrary code via
> a file that triggers a heap-based buffer overflow."
>
> Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The
> port has 4.20.
Hey,
While I haven't confirmed FreeBSD is vulnerable, I assume that is the
case. In any case, we (The FreeBSD Security Team) are working on this
isuse.
--
Simon L. Nielsen
FreeBSD Security Team
More information about the freebsd-security
mailing list