Bug 171452 - sys-apps/file < 4.20 integer underflow (CVE-2007-1536)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: A2 [glsa] p-y
Reported: 2007-03-19 16:38 UTC by Pierre-Yves Rofes (RETIRED)
Modified: 2007-05-24 01:30 UTC
Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-03-19 16:38:11 UTC
Jean-Sebastien Guay-Lero has reported a vulnerability in file, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified integer underflow
within the "file_printf" function, which can be exploited to cause a
heap-based buffer overflow.

Versions < 4.20 are vulnerable.

Arches, please stabilize sys-apps/file-4.20. Thanks.
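
The report leaves the exact flaw unspecified, so the following is an added, generic illustration of the bug class it names (an unsigned length subtraction that wraps and feeds a heap write), not code from file or from this bug. The `outbuf` structure and both function names are hypothetical.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical output buffer; not the structure used by file. */
struct outbuf { char *buf; size_t size; size_t used; };

/* Flawed bookkeeping: once used > size the unsigned subtraction wraps,
 * and the huge "remaining" value would be passed on as a write limit. */
size_t remaining_unchecked(size_t size, size_t used) { return size - used; }

/* Hardened append: checks the invariant before subtracting and grows the
 * buffer with overflow-checked arithmetic. Returns 0 on success, -1 on error. */
int outbuf_printf(struct outbuf *o, const char *fmt, ...)
{
    va_list ap;
    if (o->used >= o->size) return -1;      /* would underflow: refuse */
    size_t left = o->size - o->used;
    va_start(ap, fmt);
    int n = vsnprintf(o->buf + o->used, left, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    if ((size_t)n >= left) {                /* truncated: grow and retry */
        size_t need = (size_t)n + 1;
        if (need > SIZE_MAX - o->used) return -1;
        char *p = realloc(o->buf, o->used + need);
        if (!p) return -1;
        o->buf = p;
        o->size = o->used + need;
        va_start(ap, fmt);
        n = vsnprintf(o->buf + o->used, need, fmt, ap);
        va_end(ap);
        if (n < 0 || (size_t)n >= need) return -1;
    }
    o->used += (size_t)n;
    return 0;
}

int main(void)
{
    struct outbuf o = { malloc(8), 8, 0 };
    if (!o.buf) return 1;
    printf("unchecked remaining for size=16, used=17: %zu\n",
           remaining_unchecked(16, 17));
    /* Constructed sample input, longer than the initial 8 bytes. */
    outbuf_printf(&o, "%s", "constructed sample longer than 8 bytes");
    printf("%s (used=%zu size=%zu)\n", o.buf, o.used, o.size);
    free(o.buf);
    return 0;
}
```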
Comment 1 solar (RETIRED) gentoo-dev 2007-03-19 17:14:07 UTC
Just a note that file-4.20 does not compile on uClibc (non-POSIX regex defines). It introduces new features which our team has yet to have time to review.

A backported fix might be better
Comment 2 solar (RETIRED) gentoo-dev 2007-03-19 17:48:29 UTC
It will compile with a small patch that adds:
# define REG_STARTEND (1 << 2)
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2007-03-20 02:02:01 UTC
No uclibc for HPPA, so I keyworded 4.20.
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2007-03-21 11:54:10 UTC
no uclibc on ppc64 either, so stable there, too.
Comment 5 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2007-03-21 18:33:42 UTC
no uclibc on alpha, no cookie.
4.20 stable anyway.
Comment 6 Christoph Mende (RETIRED) gentoo-dev 2007-03-21 23:18:36 UTC
emerges fine and works on amd64, not sure about that uclibc thingy since there's only uclibc++ on amd64

Portage (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.20-beyond2 x86_64)
System uname: 2.6.20-beyond2 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Gentoo Base System release 1.12.9
Timestamp of tree: Wed, 21 Mar 2007 21:50:01 +0000
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
CFLAGS="-march=k8 -O2 -pipe -msse3"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe -msse3"
FEATURES="autoconfig buildsyspkg ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
USE="X a52 aac acpi alsa amd64 amr audiofile berkdb bitmap-fonts bzip2 cairo cdinstall cdr cli cracklib crypt cups dbus dri dts dvd dvdr dvdread eds emboss encode fam firefox fortran gdbm gif gpm gstreamer gtk gtk2 hal iconv jpeg ldap libg++ lirc logrotate mad midi mikmod mp3 mpeg ncurses nls nptl nptlonly offensive ogg opengl pam pcre php png ppds pppd quicktime readline reflection sdl session smp socks5 spl ssl svg symlink tcpd test tiff truetype truetype-fonts type1-fonts unicode v4l vim vorbis x264 xinerama xorg xv xvid zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="evdev keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIRC_DEVICES="inputlirc" USERLAND="GNU" VIDEO_CARDS="nvidia"
Comment 7 Steve Dibb (RETIRED) gentoo-dev 2007-03-22 02:15:32 UTC
amd64 stable anyway
Comment 8 Chris Gianelloni (RETIRED) gentoo-dev 2007-03-22 22:10:12 UTC
solar: any word?
Comment 9 SpanKY gentoo-dev 2007-03-22 22:51:54 UTC
don't worry about the uclibc profile, it will be accounted for ... stabilize for glibc/default-linux as normal
Comment 10 Christian Faulhammer (RETIRED) gentoo-dev 2007-03-23 07:22:38 UTC
x86 goes stable then
Comment 11 Gustavo Zacarias (RETIRED) gentoo-dev 2007-03-23 13:07:11 UTC
okie dokie sparc stable.
Comment 12 Tobias Scherbaum (RETIRED) gentoo-dev 2007-03-23 18:44:51 UTC
ppc stable
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-03-23 18:50:37 UTC
thanks arches, ready for glsa.
Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-03-30 20:53:39 UTC
GLSA 200703-26, thanks to everybody!
Comment 15 Roy Marples (RETIRED) gentoo-dev 2007-05-24 01:30:11 UTC
*** Bug 179583 has been marked as a duplicate of this bug. ***