Date: Thu, 29 Mar 2007 16:22:58 +0200
From: Thomas Vogt <thomas@bsdunix.ch>
To: freebsd-security@freebsd.org
Subject: Integer underflow in the "file" program before 4.20
Message-ID: <1175178178.80069.31.camel@bert.mlan.solnet.ch>

Hello

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536

"Integer underflow in the file_printf function in the "file" program
before 4.20 allows user-assisted attackers to execute arbitrary code via
a file that triggers a heap-based buffer overflow."

Is FreeBSD 5.x/6.x affected too? It looks like the system has file 4.12.
The port has 4.20.

Regards,
Thomas

--
Terry Lambert: "It is not unix's job to stop you from shooting your foot.
If you so choose to do so, then it is UNIX's job to deliver Mr. Bullet to
Mr Foot in the most efficient way it knows."