Integer underflow in the "file" program before 4.20
Gabor Kovesdan
gabor at FreeBSD.org
Sat Mar 31 06:14:03 UTC 2007
Simon L. Nielsen schrieb:
> On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote:
>
>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
>> "Integer underflow in the file_printf function in the "file" program
>> before 4.20 allows user-assisted attackers to execute arbitrary code via
>> a file that triggers a heap-based buffer overflow."
>>
>> Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The
>> port has 4.20.
>>
>
> Hey,
>
> While I haven't confirmed FreeBSD is vulnerable, I assume that is the
> case. In any case, we (The FreeBSD Security Team) are working on this
> isuse.
>
>
In any case, I'd also be happy to see the base file upgraded, since the
current one has some known issues. E.g. it coredumps sometimes when
using from amavisd-new, while the newer version from ports works well.
Gabor
More information about the freebsd-security
mailing list