File Multiple Denial of Service Vulnerabilities

TITLE: File Multiple Denial of Service Vulnerabilities
CLASS: Failure to Handle Exceptional Conditions
CVE: CVE-2007-2026, CVE-2007-2799

REMOTE: Yes
LOCAL: No
PUBLISHED: May 24 2007 12:00AM
UPDATE: Jun 12 2007 12:00AM
CREDIT: The vendor reported these issues.
VULNERABLE:

Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
NOT VULNERABLE:


Discussion

The 'file' utility is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions.

An attacker could exploit this issue by enticing a victim to open a specially crafted file. A denial-of-service condition can occur. Arbitrary code execution may be possible, but Symantec has not confirmed this.

Exploit

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Solution

The vendor released an advisory and updates to address these issues. Please see the references for more information.

Note: As reported by AMaViS, both of these issues, as they affect AMaViS products, are due to previous patch errors. Information on the original issues can be found in CVE-2007-1536 and CVE-2007-2026. The issues have been fixed with the latest release of AMaViSD-New 2.5.1 and File 4.21.

- AMaViS contains a denial-of-service vulnerability. This issue was purportedly resolved with the release of 'file-4.21', yet the vulnerability in the POSIX regex(3) library remained present due to an oversight in the AMaViS patch. The issue has been corrected in the latest version.

- AMaViS contains a buffer-overflow vulnerability in 'file(1)'. Reportedly, the AMaViS fix for the original security issue in the file(1) utility version 4.20 (CVE-2007-1536) introduced an entirely new integer underflow. The new issue is outlined in CVE-2007-2799. The issue has been corrected in the latest version.

Please see the vendor references for additional information.

References
