Date: Sat, 31 Mar 2007 07:41:04 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Thomas Vogt <thomas@bsdunix.ch> Cc: freebsd-security@freebsd.org Subject: Re: Integer underflow in the "file" program before 4.20 Message-ID: <20070331054103.GA982@zaphod.nitro.dk> In-Reply-To: <1175178178.80069.31.camel@bert.mlan.solnet.ch> References: <1175178178.80069.31.camel@bert.mlan.solnet.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 > "Integer underflow in the file_printf function in the "file" program > before 4.20 allows user-assisted attackers to execute arbitrary code via > a file that triggers a heap-based buffer overflow." > > Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The > port has 4.20. Hey, While I haven't confirmed FreeBSD is vulnerable, I assume that is the case. In any case, we (The FreeBSD Security Team) are working on this isuse. -- Simon L. Nielsen FreeBSD Security Team
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070331054103.GA982>