
CVE-2007-2799

Status Candidate

Overview

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

Related Files

Gentoo Linux Security Advisory 200710-19
Posted Oct 18, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-19 - Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the file utility which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25) since version 4.20 of file was never shipped with The Sleuth Kit ebuilds. Versions less than 2.0.9 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1536, CVE-2007-2799
SHA-256 | 5d8dc392bc814f2430ff4729c0bbb583a93e7c361c2421771358d7ced56bf0e9

Debian Linux Security Advisory 1343-2
Posted Sep 27, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1343-2 - The Debian 4.0r1 release contains a file package with the same version number as the last security update (4.17-5etch2), potentially overriding it. This security advisory reissues DSA-1343-1 with a higher version number, to ensure that its changes remain in effect. The changes from Debian 4.0r1 (which fix a minor denial of service issue, CVE-2007-2026) are included as well.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-2799, CVE-2007-2026
SHA-256 | ea0fc63b398d84b59eb9945442c58506846b3adab43f0bee2dba81453354abf6

Debian Linux Security Advisory 1343-1
Posted Aug 1, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1343-1 - Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-2799
SHA-256 | f1a3ff0b940d6633207e0721ff00fe07798f696e7aab5d2f739e4369785f35ba

Ubuntu Security Notice 439-2
Posted Jun 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 439-2 - USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-2799
SHA-256 | e812f7357d844e826f45fd8565b7d6694fccc61631a26589dab8b6b3f53c93d6

Mandriva Linux Security Advisory 2007.114
Posted Jun 7, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file. As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2026, CVE-2007-2799
SHA-256 | cae4022bb7ea6910fc77cadf0b9d709a67740bfc9477488f415d84f5f6312cdd
© 2024 Packet Storm. All rights reserved.
