Re: Integer underflow in the "file" program before 4.20

Board: FB_security, posted 2007/04/19 22:43, push score 0 (0 0 0)
0 comments, 0 participants, thread 3/3
Simon L. Nielsen wrote:
> Thomas Vogt wrote:
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
> > "Integer underflow in the file_printf function in the "file" program
> > before 4.20 allows user-assisted attackers to execute arbitrary code via
> > a file that triggers a heap-based buffer overflow."
> >
> > Is FreeBSD 5.x/6.x affected too? It looks like the system has file 4.12. The
> > port has 4.20.
>
> Hey,
>
> While I haven't confirmed FreeBSD is vulnerable, I assume that is the
> case. In any case, we (The FreeBSD Security Team) are working on this
> issue.

Any news on this? It's been more than a month ...

Best regards
   Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht München,
HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd

"With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly overhead."
        -- RFC 1925
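As an added illustration of the bug class the quoted CVE text describes (an unsigned "remaining space" calculation in a printf-style append helper that wraps and turns a bounded write into a heap overflow), here is a constructed C sketch: it is not the file(1) source and not code from any poster, and the struct and function names are hypothetical. It shows the unchecked subtraction beside a version that compares before subtracting and never advances the write offset past what was actually stored.

```c
/* Constructed illustration of the bug class behind CVE-2007-1536: a helper that
 * appends formatted text to a fixed buffer, with remaining-space arithmetic that
 * can underflow. NOT the file(1) source; all names here are hypothetical. */
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct outbuf {
    char   *data;   /* fixed-size (e.g. heap-allocated) buffer */
    size_t  cap;    /* total bytes available in data */
    size_t  used;   /* bytes stored so far */
};

/* Unchecked: if 'used' ever exceeds 'cap' (for instance because a truncated
 * vsnprintf's full would-be length was added to it), cap - used wraps to a
 * huge size_t and the next bounded write becomes effectively unbounded. */
size_t remaining_unchecked(size_t cap, size_t used)
{
    return cap - used;
}

/* Hardened: compare before subtracting, so the result can never wrap. */
size_t remaining_checked(size_t cap, size_t used)
{
    return used >= cap ? 0 : cap - used;
}

/* Append formatted text; returns 0 on success, -1 if it did not fit or failed.
 * 'used' only advances by bytes actually stored, so it never exceeds cap and a
 * later call cannot underflow. */
int outbuf_appendf(struct outbuf *b, const char *fmt, ...)
{
    size_t left = remaining_checked(b->cap, b->used);
    va_list ap;
    int n;
    if (left == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(b->data + b->used, left, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;                 /* encoding error: nothing recorded */
    if ((size_t)n >= left) {
        b->used = b->cap - 1;      /* truncated: left-1 bytes plus NUL stored */
        return -1;
    }
    b->used += (size_t)n;
    return 0;
}
```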
Article code (AID): #169t_t00 (FB_security)