From: Thomas Vogt
To: freebsd-security@freebsd.org
Date: Thu, 29 Mar 2007 16:22:58 +0200
Message-Id: <1175178178.80069.31.camel@bert.mlan.solnet.ch>
Subject: Integer underflow in the "file" program before 4.20

Hello

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536

"Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow."

Is FreeBSD 5.x/6.x affected too? It looks like the system has file 4.12. The port has 4.20.

Regards,
Thomas

--
Terry Lambert: "It is not unix's job to stop you from shooting your foot. If you so choose to do so, then it is UNIX's job to deliver Mr. Bullet to Mr Foot in the most efficient way it knows."
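
A version check for the question raised in the message above, as an added example that is not part of the original post: it compares a file(1) version banner against 4.20, the fixed release named in the quoted CVE text. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a file(1) version banner older than 4.20, the fixed
# release named in the CVE-2007-1536 description quoted in the message?
FIXED_VERSION="4.20"

# Extract "X.Y" from a banner such as "file-4.12" (first line of `file -v`).
parse_file_version() {
    printf '%s\n' "$1" | sed -n 's/^file-\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Return 0 if dotted version $1 is strictly lower than $2.
# Components are compared as integers, so 4.9 < 4.20 (not a decimal compare).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print "outdated X.Y" or "ok X.Y"; print "unknown" and return 2 if the
# banner carries no recognisable version.
check_banner() {
    v=$(parse_file_version "$1")
    [ -n "$v" ] || { echo "unknown"; return 2; }
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "outdated $v"
    else
        echo "ok $v"
    fi
}

# Constructed sample banners (not captured from a real host).
# On a live system: check_banner "$(file -v 2>/dev/null)"
for banner in "file-4.12" "file-4.20" "file-4.9" "file-5.41"; do
    check_banner "$banner"
done
```

A version older than 4.20 only shows that the upstream fix release is not installed; a base system may carry a backported patch under the old version number, so the vendor advisory remains the authority.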