exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2007-2799

Status Candidate

Overview

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

Related Files

Gentoo Linux Security Advisory 200710-19
Posted Oct 18, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-19 - Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the file utility which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25) since version 4.20 of file was never shipped with The Sleuth Kit ebuilds. Versions less than 2.0.9 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1536, CVE-2007-2799
SHA-256 | 5d8dc392bc814f2430ff4729c0bbb583a93e7c361c2421771358d7ced56bf0e9
Debian Linux Security Advisory 1343-2
Posted Sep 27, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1343-2 - The Debian 4.0r1 release contains a file package with the same version number as the last security update (4.17-5etch2), potentially overriding it. This security advisory reissues DSA-1343-1 with a higher version number, to ensure that its changes remain in effect. The changes from Debian 4.0r1 (which fix a minor denial of service issue, CVE-2007-2026) are included as well.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-2799, CVE-2007-2026
SHA-256 | ea0fc63b398d84b59eb9945442c58506846b3adab43f0bee2dba81453354abf6
Debian Linux Security Advisory 1343-1
Posted Aug 1, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1343-1 - Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-2799
SHA-256 | f1a3ff0b940d6633207e0721ff00fe07798f696e7aab5d2f739e4369785f35ba
Ubuntu Security Notice 439-2
Posted Jun 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 439-2 - USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-2799
SHA-256 | e812f7357d844e826f45fd8565b7d6694fccc61631a26589dab8b6b3f53c93d6
Mandriva Linux Security Advisory 2007.114
Posted Jun 7, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file. As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2026, CVE-2007-2799
SHA-256 | cae4022bb7ea6910fc77cadf0b9d709a67740bfc9477488f415d84f5f6312cdd
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close