Re: Integer underflow in the "file" program before 4.20

看板FB_security作者時間19年前 (2007/03/31 19:31), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/3 (看更多)
Simon L. Nielsen schrieb: > On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote: > > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 >> "Integer underflow in the file_printf function in the "file" program >> before 4.20 allows user-assisted attackers to execute arbitrary code via >> a file that triggers a heap-based buffer overflow." >> >> Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The >> port has 4.20. >> > > Hey, > > While I haven't confirmed FreeBSD is vulnerable, I assume that is the > case. In any case, we (The FreeBSD Security Team) are working on this > isuse. > > In any case, I'd also be happy to see the base file upgraded, since the current one has some known issues. E.g. it coredumps sometimes when using from amavisd-new, while the newer version from ports works well. Gabor _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 gabor. 的文章
文章代碼(AID): #163aQB00 (FB_security)
更多 gabor. 的文章
文章代碼(AID): #163aQB00 (FB_security)