16943 – Ebuild: sys-apps/file - buffer overflow exploit

Bug 16943 - Ebuild: sys-apps/file - buffer overflow exploit

Summary: Ebuild: sys-apps/file - buffer overflow exploit

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All All

Importance:	Highest critical (vote)
Assignee:	Gentoo Security

URL:	http://www.idefense.com/advisory/03.0...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-03-06 00:41 UTC by Samuel Greenfeld
Modified:	2003-03-08 17:11 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Samuel Greenfeld 2003-03-06 00:41:44 UTC

See http://www.idefense.com/advisory/03.04.03.txt

Not the worst exploit in the world (one system user has to specifically convince
another to examine a specially crafted file with the file utility in order to
force code execution), but one that should be eventually fixed.

Soultion: Provide an ebuild for File 3.41 to counter.

Reproducible: Always
Steps to Reproduce:

Comment 1 klavs klavsen 2003-03-06 04:36:52 UTC

It is NOT only a local exploit - it can be EXPLOITED REMOTELY if you use content-filters such as amavis, amavis-ng amavisd or amavisd-new as far as I'm aware of. Because they inspect every file you email to them.

So all you using those filters - and perhaps others? would do nicely to upgrade your file tool.

IE. it should be marked as important.

Comment 2 Daniel Ahlberg (RETIRED) gentoo-dev

2003-03-08 17:11:48 UTC

glsa sent