Vulnerability Note VU#611865
Automatic File Content Type Recognition Tool vulnerable to stack overflow
A buffer overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" versions of the file package prior to 3.41.
The file package is used to examine files on the system. According to an OpenPKG advisory, a stack overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" (AFCTR tool) versions of the file package prior to 3.41.
It appears that an exploit for this vulnerability has been posted to the bugtraq mailing list.
If an attacker can craft a malicious file on the system and trick a victim to examine the file using the AFCTR tool, they can execute arbitrary code with the privileges of the victim.
Upgrade to the version 3.41 of the file package, or apply a patch specified by your vendor.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|OpenPKG||Affected||-||06 Mar 2003|
|Red Hat Inc.||Affected||-||07 Mar 2003|
CVSS Metrics (Learn More)
David Endler is credited for reporting this vulnerability. Information regarding this vulnerability was disclosed in an OpenPKG advisory and an I-Defense advisory.
This document was written by Jason A Rafail.
- CVE IDs: Unknown
- Date Public: 04 Mar 2003
- Date First Published: 06 Mar 2003
- Date Last Updated: 07 Mar 2003
- Severity Metric: 0.14
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.