file: integer overflow [LWN.net]

Package(s):

file

CVE #(s):

CVE-2007-2799

Created:

June 1, 2007

Updated:

October 19, 2007

Description:

Colin Percival from FreeBSD reported that the previous fix for the file_printf() buffer overflow introduced a new integer overflow. A remote attacker could entice a user to run the file program on an overly large file (more than 1Gb) that would trigger an integer overflow on 32-bit systems, possibly leading to the execution of arbitrary code with the rights of the user running file.

Alerts:

Gentoo	200710-19	2007-10-18
Debian	DSA-1343-2	2007-09-25
Debian	DSA-1343-1	2007-07-31
SuSE	SUSE-SA:2007:040	2007-07-04
Fedora	FEDORA-2007-0836	2007-07-03
Fedora	FEDORA-2007-538	2007-06-11
Fedora	FEDORA-2007-541	2007-06-11
Ubuntu	USN-439-2	2007-06-11
Mandriva	MDKSA-2007:114	2007-06-05
Gentoo	200705-25	2007-05-31

(Log in to post comments)

Also resolved in rPath Linux on 2007-05-24

Posted Jun 7, 2007 14:26 UTC (Thu) by michaelkjohnson (subscriber, #41438) [Link]

This issue is also resolved in rPSA-2007-0109

rPath Security Advisory: 2007-0109-1
Published: 2007-05-24
...
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799
...

Also resolved in rPath Linux on 2007-05-24

Posted Jun 14, 2007 3:22 UTC (Thu) by smithj (subscriber, #38034) [Link]

the LWN url for that advisory is http://lwn.net/Alerts/235784/

file: integer overflow

Posted Jun 14, 2007 3:23 UTC (Thu) by smithj (subscriber, #38034) [Link]

Foresight Linux fixed this with advisory http://lwn.net/Alerts/235786/