The file program contains a vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition.
file is a program for Unix-like operating systems that is used to determine what type of data is contained in a file.
file contains a buffer overflow vulnerability that is caused by an integer overflow in the file_printf function. To trigger the overflow, an attacker would need to convince a user to run a vulnerable version of file on a specially crafted file.
An attacker may be able to execute arbitrary code with the permissions of the user running the vulnerable version of file or cause the program to crash, creating a denial-of-service condition.
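The bug class described above is an integer overflow in size arithmetic that leads to a buffer overflow in a printf-style routine. The following C code is an added example, not code from file: it shows a growable output buffer whose size computation is checked before any allocation or write. The names outbuf, grow_size and outbuf_printf are hypothetical.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable output buffer; not the structure used by file. */
struct outbuf { char *buf; size_t size; size_t used; };

/* Checked a + b: stores the sum and returns 0, or returns -1 if it would wrap. */
static int add_checked(size_t a, size_t b, size_t *out) {
    if (a > SIZE_MAX - b) return -1;
    *out = a + b;
    return 0;
}

/* Bytes required to hold `used` existing bytes, `need` new ones and a NUL.
 * Kept separate from the I/O so the overflow check can be tested directly. */
int grow_size(size_t used, size_t need, size_t *newsize) {
    size_t total;
    if (add_checked(used, need, &total) != 0) return -1;
    if (add_checked(total, 1, &total) != 0) return -1;
    *newsize = total;
    return 0;
}

/* Append formatted text. Returns 0 on success, -1 on error (contents unchanged). */
int outbuf_printf(struct outbuf *o, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);      /* measure before writing */
    va_end(ap);
    if (n < 0) return -1;                     /* never cast a negative length */
    size_t want;
    if (grow_size(o->used, (size_t)n, &want) != 0) return -1;
    if (want > o->size) {
        char *p = realloc(o->buf, want);
        if (p == NULL) return -1;             /* old buffer is still valid */
        o->buf = p;
        o->size = want;
    }
    va_start(ap, fmt);
    vsnprintf(o->buf + o->used, o->size - o->used, fmt, ap);
    va_end(ap);
    o->used += (size_t)n;
    return 0;
}
```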
Debian GNU/Linux Affected
Gentoo Linux Affected
Mandriva, Inc. Affected
Openwall GNU/*/Linux Affected
Red Hat, Inc. Affected
SUSE Linux Affected
Slackware Linux Inc. Affected
Trustix Secure Linux Affected
Microsoft Corporation Not Affected
Apache HTTP Server Project Unknown
Apple Computer, Inc. Unknown
Conectiva Inc. Unknown
Cray Inc. Unknown
Engarde Secure Linux Unknown
F5 Networks, Inc. Unknown
Fedora Project Unknown
FreeBSD, Inc. Unknown
Hewlett-Packard Company Unknown
IBM Corporation Unknown
IBM Corporation (zseries) Unknown
IBM eServer Unknown
Immunix Communications, Inc. Unknown
Ingrian Networks, Inc. Unknown
Juniper Networks, Inc. Unknown
MontaVista Software, Inc. Unknown
NEC Corporation Unknown
Novell, Inc. Unknown
QNX, Software Systems, Inc. Unknown
Silicon Graphics, Inc. Unknown
Sony Corporation Unknown
Sun Microsystems, Inc. Unknown
The SCO Group Unknown
Wind River Systems, Inc. Unknown
Thanks to Jean-Sébastien Guay-Leroux and Christos Zoulas for information that was used in this report.
This document was written by Ryan Giobbi.
Date First Published: 2007-03-26
Date Last Updated: 2007-10-16 12:29 UTC