Integer underflow in the "file" program before 4.20
Oliver Fromme
olli at lurza.secnetix.de
Thu Apr 19 14:37:28 UTC 2007
Simon L. Nielsen wrote:
> Thomas Vogt wrote:
>
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
> > "Integer underflow in the file_printf function in the "file" program
> > before 4.20 allows user-assisted attackers to execute arbitrary code via
> > a file that triggers a heap-based buffer overflow."
> >
> > Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The
> > port has 4.20.
>
> Hey,
>
> While I haven't confirmed FreeBSD is vulnerable, I assume that is the
> case. In any case, we (The FreeBSD Security Team) are working on this
> isuse.
Any news on this? It's been more than a month ...
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
"With sufficient thrust, pigs fly just fine. However, this
is not necessarily a good idea. It is hard to be sure where
they are going to land, and it could be dangerous sitting
under them as they fly overhead." -- RFC 1925
More information about the freebsd-security
mailing list