Hello http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 "Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow." Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The port has 4.20. Regards, Thomas -- Terry Lambert: "It is not unix's job to stop you from shooting your foot. If you so choose to do so, then it is UNIX's job to deliver Mr. Bullet to Mr Foot in the most efficient way it knows."
Simon L. Nielsen
2007-Mar-31 05:41 UTC
Integer underflow in the "file" program before 4.20
On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote:> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 > "Integer underflow in the file_printf function in the "file" program > before 4.20 allows user-assisted attackers to execute arbitrary code via > a file that triggers a heap-based buffer overflow." > > Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The > port has 4.20.Hey, While I haven't confirmed FreeBSD is vulnerable, I assume that is the case. In any case, we (The FreeBSD Security Team) are working on this isuse. -- Simon L. Nielsen FreeBSD Security Team
Simon L. Nielsen wrote: > Thomas Vogt wrote: > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 > > "Integer underflow in the file_printf function in the "file" program > > before 4.20 allows user-assisted attackers to execute arbitrary code via > > a file that triggers a heap-based buffer overflow." > > > > Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The > > port has 4.20. > > Hey, > > While I haven't confirmed FreeBSD is vulnerable, I assume that is the > case. In any case, we (The FreeBSD Security Team) are working on this > isuse. Any news on this? It's been more than a month ... Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Gesch?ftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht M?n- chen, HRB 125758, Gesch?ftsf?hrer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead." -- RFC 1925