A buffer overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" versions of the file package prior to 3.41.
The file package is used to examine files on the system. According to an OpenPKG advisory, a stack overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" (AFCTR tool) versions of the file package prior to 3.41.
It appears that an exploit for this vulnerability has been posted to the bugtraq mailing list.
If an attacker can craft a malicious file on the system and trick a victim into examining the file using the AFCTR tool, they can execute arbitrary code with the privileges of the victim.
Upgrade to version 3.41 of the file package, or apply a patch specified by your vendor.
David Endler is credited with reporting this vulnerability. Information regarding this vulnerability was disclosed in an OpenPKG advisory and an I-Defense advisory.
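To check a host against the fixed release named above, the following added example (not part of the original advisory) compares a version banner with 3.41. It assumes the banner has the form `file-MAJOR.MINOR` as printed by `file -v`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag file(1) builds older than the fixed release 3.41.
# Assumption: the version banner looks like "file-3.40" (output of `file -v`).

FIXED_MAJOR=3
FIXED_MINOR=41

# is_vulnerable_version BANNER
# Returns 0 if BANNER is older than 3.41, 1 if it is 3.41 or newer,
# and 2 if the banner cannot be parsed.
is_vulnerable_version() {
    ver=$(printf '%s\n' "$1" |
        sed -n '1s/^.*file-\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    # Compare each field as an integer: 3.9 is older than 3.41, which a
    # string or floating-point comparison would get wrong.
    if [ "$major" -lt "$FIXED_MAJOR" ]; then
        return 0
    fi
    if [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; then
        return 0
    fi
    return 1
}

# check_installed_file: report on the file(1) binary found in PATH.
check_installed_file() {
    banner=$(file -v 2>/dev/null | head -n 1)
    rc=0
    is_vulnerable_version "$banner" || rc=$?
    case $rc in
        0) echo "VULNERABLE: $banner is older than 3.41" ;;
        1) echo "OK: $banner" ;;
        *) echo "UNKNOWN: could not parse version banner '$banner'" ;;
    esac
}
```

Call `check_installed_file` on the host being audited. A build that carries a vendor patch may still report a version below 3.41, so confirm against the vendor's package changelog before treating a hit as unpatched.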
This document was written by Jason A Rafail.
Date First Published: 2003-03-06
Date Last Updated: 2003-03-07 20:16 UTC