Vulnerability Note VU#611865

Automatic File Content Type Recognition Tool vulnerable to stack overflow

Overview

A buffer overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" versions of the file[1] package prior to 3.41.

I. Description

The file[1] package is used to examine files on the system. According to an OpenPKG advisory, a stack overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" (AFCTR tool) versions of the file[1] package prior to 3.41.

It appears that an exploit for this vulnerability has been posted to the bugtraq mailing list.

II. Impact

If an attacker can craft a malicious file on the system and trick a victim to examine the file using the AFCTR tool, they can execute arbitrary code with the privileges of the victim.

III. Solution

Upgrade to the version 3.41 of the file[1] package, or apply a patch specified by your vendor.

Systems Affected

Vendor	Status	Date Notified	Date Updated
OpenPKG	Vulnerable	6-Mar-2003
Red Hat Inc.	Vulnerable	7-Mar-2003

References

ftp://ftp.astron.com/pub/file

Credit

David Endler is credited for reporting this vulnerability. Information regarding this vulnerability was disclosed in an OpenPKG advisory and an I-Defense advisory.

This document was written by Jason A Rafail.

Other Information

Date Public:	2003-03-04
Date First Published:	2003-03-06
Date Last Updated:	2003-03-07
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	0.14
Document Revision:	11

If you have feedback, comments, or additional information about this vulnerability, please send us email.