Re: Integer underflow in the "file" program before 4.20
On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
> "Integer underflow in the file_printf function in the "file" program
> before 4.20 allows user-assisted attackers to execute arbitrary code via
> a file that triggers a heap-based buffer overflow."
>
> Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The
> port has 4.20.
Hey,
While I haven't confirmed FreeBSD is vulnerable, I assume that is the
case. In any case, we (The FreeBSD Security Team) are working on this
isuse.
--
Simon L. Nielsen
FreeBSD Security Team
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 1 之 3 篇):