Vulnerability Note VU#606700
file integer overflow vulnerability
The file program contains a vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition.
file is a program for Unix-like operating systems that is used to determine what type of data is contained in a file.
file contains a buffer overflow vulnerability that is caused by an integer overflow in the file_printf function. To trigger the overflow, an attacker would need to convince a user to run a vulnerable version of file on a specially crafted file.
An attacker may be able to execute arbitrary code with the permissions of the user running the vulnerable version of file or cause the program to crash, creating a denial-of-service condition.
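The class of defect described above, seen from the defensive side: a printf-style append into a growable buffer in which every size computation is checked before it is used. This is an added example, not code from file or from this note; `struct outbuf`, `add_size` and `outbuf_printf` are hypothetical names, and the 1024-byte slack is an arbitrary choice.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable output buffer; not the structure file itself uses. */
struct outbuf {
    char  *buf;   /* start of the allocation (NULL when empty) */
    size_t used;  /* bytes written, excluding the terminating NUL */
    size_t size;  /* bytes allocated */
};

/* Store a + b in *out; return -1 instead of letting the sum wrap around. */
static int add_size(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return -1;
    *out = a + b;
    return 0;
}

/* Append formatted text to o; returns 0 on success, -1 on error. */
int outbuf_printf(struct outbuf *o, const char *fmt, ...)
{
    va_list ap;
    size_t need, newsize;
    int n;

    va_start(ap, fmt);                 /* pass 1: measure only */
    n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (n < 0)                         /* a negative length must never reach size_t */
        return -1;
    /* need = used + n + 1 (NUL), each addition checked for wraparound */
    if (add_size(o->used, (size_t)n, &need) || add_size(need, 1, &need))
        return -1;
    if (need > o->size) {              /* grow with slack; the slack is checked too */
        char *p;
        if (add_size(need, 1024, &newsize) || !(p = realloc(o->buf, newsize)))
            return -1;
        o->buf = p;
        o->size = newsize;
    }
    va_start(ap, fmt);                 /* pass 2: write into space known to fit */
    n = vsnprintf(o->buf + o->used, o->size - o->used, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= o->size - o->used)
        return -1;
    o->used += (size_t)n;
    return 0;
}
```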
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian GNU/Linux | Affected | - | 06 Apr 2007 |
| Gentoo Linux | Affected | 20 Mar 2007 | 06 Apr 2007 |
| Mandriva, Inc. | Affected | 20 Mar 2007 | 26 Mar 2007 |
| Openwall GNU/*/Linux | Affected | 20 Mar 2007 | 26 Mar 2007 |
| Red Hat, Inc. | Affected | 20 Mar 2007 | 23 Mar 2007 |
| Slackware Linux Inc. | Affected | 20 Mar 2007 | 06 Apr 2007 |
| SUSE Linux | Affected | 20 Mar 2007 | 06 Apr 2007 |
| Trustix Secure Linux | Affected | 20 Mar 2007 | 06 Apr 2007 |
| Ubuntu | Affected | 20 Mar 2007 | 23 Mar 2007 |
| Microsoft Corporation | Not Affected | 20 Mar 2007 | 23 Mar 2007 |
| Apache HTTP Server Project | Unknown | 26 Mar 2007 | 26 Mar 2007 |
| Apple Computer, Inc. | Unknown | 20 Mar 2007 | 20 Mar 2007 |
| Conectiva Inc. | Unknown | 20 Mar 2007 | 20 Mar 2007 |
| Cray Inc. | Unknown | 20 Mar 2007 | 20 Mar 2007 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 20 Mar 2007 | 20 Mar 2007 |
Thanks to Jean-Sébastien Guay-Leroux and Christos Zoulas for information that was used in this report.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-1536
- Date Public: 19 Mar 2007
- Date First Published: 26 Mar 2007
- Date Last Updated: 16 Oct 2007
- Severity Metric: 1.62
- Document Revision: 44