From: Oliver Fromme
To: freebsd-security@FreeBSD.ORG, simon@FreeBSD.ORG, thomas@bsdunix.ch
Date: Thu, 19 Apr 2007 16:04:44 +0200 (CEST)
Subject: Re: Integer underflow in the "file" program before 4.20

Simon L. Nielsen wrote:
 > Thomas Vogt wrote:
 > >
 > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
 > > "Integer underflow in the file_printf function in the "file" program
 > > before 4.20 allows user-assisted attackers to execute arbitrary code via
 > > a file that triggers a heap-based buffer overflow."
 > >
 > > Is FreeBSD 5.x/6.x affected too? It looks like the system has file 4.12. The
 > > port has 4.20.
 >
 > Hey,
 >
 > While I haven't confirmed FreeBSD is vulnerable, I assume that is the
 > case. In any case, we (The FreeBSD Security Team) are working on this
 > issue.

Any news on this? It's been more than a month ...

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead." -- RFC 1925