Vulnerability Note VU#606700

file integer overflow vulnerability

Overview

The file program contains a vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition.

I. Description

file is a program for Unix-like operating systems that is used to determine what type of data is contained in a file.

file contains a buffer overflow vulnerability that is caused by an integer overflow in the file_printf function. To trigger the overflow, an attacker would need to convince a user to run a vulnerable version of file on a specially crafted file.

II. Impact

An attacker may be able to execute arbitrary code with the permissions of the user running the vulnerable version of file or cause the program to crash, creating a denial-of-service condition

III. Solution

Upgrade

Version 4.20 of file was released to address this issue. Note that operating systems may ship with different versions of the file program. See the systems affected portion of this document for information about specific vendors.

Do not run file as root

Running the file program with a limited user account may partially mitigate the impact of successful exploitation of vulnerability.

Systems Affected

Vendor	Status	Date Updated
Apache HTTP Server Project	Unknown	26-Mar-2007
Apple Computer, Inc.	Unknown	20-Mar-2007
Conectiva Inc.	Unknown	20-Mar-2007
Cray Inc.	Unknown	20-Mar-2007
Debian GNU/Linux	Vulnerable	6-Apr-2007
EMC, Inc. (formerly Data General Corporation)	Unknown	20-Mar-2007
Engarde Secure Linux	Unknown	20-Mar-2007
F5 Networks, Inc.	Unknown	20-Mar-2007
Fedora Project	Unknown	20-Mar-2007
FreeBSD, Inc.	Unknown	20-Mar-2007
Fujitsu	Unknown	20-Mar-2007
Gentoo Linux	Vulnerable	6-Apr-2007
Hewlett-Packard Company	Unknown	20-Mar-2007
Hitachi	Unknown	20-Mar-2007
IBM Corporation	Unknown	20-Mar-2007
IBM Corporation (zseries)	Unknown	20-Mar-2007
IBM eServer	Unknown	20-Mar-2007
Immunix Communications, Inc.	Unknown	20-Mar-2007
Ingrian Networks, Inc.	Unknown	20-Mar-2007
Juniper Networks, Inc.	Unknown	20-Mar-2007
Mandriva, Inc.	Vulnerable	26-Mar-2007
Microsoft Corporation	Not Vulnerable	23-Mar-2007
MontaVista Software, Inc.	Unknown	20-Mar-2007
NEC Corporation	Unknown	20-Mar-2007
NetBSD	Unknown	20-Mar-2007
Nokia	Unknown	20-Mar-2007
Novell, Inc.	Unknown	20-Mar-2007
OpenBSD	Unknown	20-Mar-2007
Openwall GNU/*/Linux	Vulnerable	26-Mar-2007
QNX, Software Systems, Inc.	Unknown	20-Mar-2007
Red Hat, Inc.	Vulnerable	23-Mar-2007
Silicon Graphics, Inc.	Unknown	20-Mar-2007
Slackware Linux Inc.	Vulnerable	6-Apr-2007
Sony Corporation	Unknown	20-Mar-2007
Sun Microsystems, Inc.	Unknown	20-Mar-2007
SUSE Linux	Vulnerable	6-Apr-2007
The SCO Group	Unknown	20-Mar-2007
Trustix Secure Linux	Vulnerable	6-Apr-2007
Turbolinux	Unknown	20-Mar-2007
Ubuntu	Vulnerable	23-Mar-2007
Unisys	Unknown	20-Mar-2007
Wind River Systems, Inc.	Unknown	20-Mar-2007

References

http://mx.gw.com/pipermail/file/2007/000161.html
ftp://ftp.astron.com/pub/file/file-4.20.tar.gz
https://www.securecoding.cert.org/confluence/x/RgE
http://secunia.com/advisories/24548/
http://www.ubuntu.com/usn/usn-439-1
http://secunia.com/advisories/24592/
http://www.mandriva.com/security/advisories?name=MDKSA-2007:067
http://rhn.redhat.com/errata/RHSA-2007-0124.html
https://issues.rpath.com/browse/RPL-1148
http://www.securityfocus.com/bid/2302
http://secunia.com/advisories/25133/
http://secunia.com/advisories/25393/
http://docs.info.apple.com/article.html?artnum=305530

Credit

Thanks to Jean-S�bastien Guay-Leroux and Christos Zoulas for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public	03/19/2007
Date First Published	03/26/2007 03:31:05 PM
Date Last Updated	10/16/2007
CERT Advisory
CVE-ID(s)	CVE-2007-1536
NVD-ID(s)	CVE-2007-1536
US-CERT Technical Alerts
Metric	1.62
Document Revision	44

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader