From owner-freebsd-security@FreeBSD.ORG Sat Mar 31 06:14:03 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 809DA16A405 for ; Sat, 31 Mar 2007 06:14:03 +0000 (UTC) (envelope-from gabor@FreeBSD.org) Received: from server.t-hosting.hu (server.t-hosting.hu [217.20.133.7]) by mx1.freebsd.org (Postfix) with ESMTP id 3C8EC13C480 for ; Sat, 31 Mar 2007 06:14:03 +0000 (UTC) (envelope-from gabor@FreeBSD.org) Received: from localhost (localhost [127.0.0.1]) by server.t-hosting.hu (Postfix) with ESMTP id 3E84E9F2639; Sat, 31 Mar 2007 07:53:00 +0200 (CEST) X-Virus-Scanned: amavisd-new at t-hosting.hu Received: from server.t-hosting.hu ([127.0.0.1]) by localhost (server.t-hosting.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ehoYbkXSShhi; Sat, 31 Mar 2007 07:52:57 +0200 (CEST) Received: from [192.168.2.186] (catv-50635cb6.catv.broadband.hu [80.99.92.182]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by server.t-hosting.hu (Postfix) with ESMTP id 400C29F2576; Sat, 31 Mar 2007 07:52:57 +0200 (CEST) Message-ID: <460DF730.4080803@FreeBSD.org> Date: Sat, 31 Mar 2007 07:52:48 +0200 From: Gabor Kovesdan User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: "Simon L. Nielsen" References: <1175178178.80069.31.camel@bert.mlan.solnet.ch> <20070331054103.GA982@zaphod.nitro.dk> In-Reply-To: <20070331054103.GA982@zaphod.nitro.dk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sat, 31 Mar 2007 11:28:25 +0000 Cc: freebsd-security@freebsd.org, Thomas Vogt Subject: Re: Integer underflow in the "file" program before 4.20 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Mar 2007 06:14:03 -0000 Simon L. Nielsen schrieb: > On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote: > > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 >> "Integer underflow in the file_printf function in the "file" program >> before 4.20 allows user-assisted attackers to execute arbitrary code via >> a file that triggers a heap-based buffer overflow." >> >> Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The >> port has 4.20. >> > > Hey, > > While I haven't confirmed FreeBSD is vulnerable, I assume that is the > case. In any case, we (The FreeBSD Security Team) are working on this > isuse. > > In any case, I'd also be happy to see the base file upgraded, since the current one has some known issues. E.g. it coredumps sometimes when using from amavisd-new, while the newer version from ports works well. Gabor