Re: Integer underflow in the "file" program before 4.20
- From: "Simon L. Nielsen" <simon@xxxxxxxxxxx>
- Date: Sat, 31 Mar 2007 07:41:04 +0200
On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
"Integer underflow in the file_printf function in the "file" program
before 4.20 allows user-assisted attackers to execute arbitrary code via
a file that triggers a heap-based buffer overflow."
Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The
port has 4.20.
Hey,
While I haven't confirmed FreeBSD is vulnerable, I assume that is the
case. In any case, we (The FreeBSD Security Team) are working on this
isuse.
--
Simon L. Nielsen
FreeBSD Security Team
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Integer underflow in the "file" program before 4.20
- From: Gabor Kovesdan
- Re: Integer underflow in the "file" program before 4.20
- References:
- Integer underflow in the "file" program before 4.20
- From: Thomas Vogt
- Integer underflow in the "file" program before 4.20
- Prev by Date: Re: nx-bit and TPM
- Next by Date: Re: Integer underflow in the "file" program before 4.20
- Previous by thread: Integer underflow in the "file" program before 4.20
- Next by thread: Re: Integer underflow in the "file" program before 4.20
- Index(es):
Relevant Pages
|
|
