ID CVE-2007-1536
Summary Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:file:file:4.19
CVSS
Base: 9.3 (as of 21-03-2007 - 20:03)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
exploit-db via4
description File(1) 4.13 Command File_PrintF Integer Underflow Vulnerability. CVE-2007-1536. Remote exploit for linux platform
id EDB-ID:29753
last seen 2016-02-03
modified 2007-03-19
published 2007-03-19
reporter Jean-Sebastien Guay-Leroux
source https://www.exploit-db.com/download/29753/
title File1 <= 4.13 Command File_PrintF Integer Underflow Vulnerability
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 79964
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79964
    title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-005.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25297
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25297
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-005)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070530_FILE_ON_SL5_X.NASL
    description The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60191
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60191
    title Scientific Linux Security Update : file on SL5.x, SL4.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0124.NASL
    description An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-1536) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24878
    published 2007-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24878
    title CentOS 4 : file (CESA-2007:0124)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-067.NASL
    description Jean-Sebastien Guay-Leroux discovered an integer underflow in the file_printf() function in file prior to 4.20 that allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. Updated packages have been patched to address this issue.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 24893
    published 2007-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24893
    title Mandrake Linux Security Advisory : file (MDKSA-2007:067)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200710-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-200710-19 (The Sleuth Kit: Integer underflow) Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the 'file' utility which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25) since version 4.20 of 'file' was never shipped with The Sleuth Kit ebuilds. Impact : A remote attacker could entice a user to run The Sleuth Kit on a file system containing a specially crafted file that would trigger a heap-based buffer overflow possibly leading to the execution of arbitrary code with the rights of the user running The Sleuth Kit. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 27517
    published 2007-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27517
    title GLSA-200710-19 : The Sleuth Kit: Integer underflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-439-1.NASL
    description Jean-Sebastien Guay-Leroux discovered that 'file' did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the 'file' utility, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28035
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28035
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : file vulnerability (USN-439-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0124.NASL
    description An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-1536) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24897
    published 2007-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24897
    title RHEL 4 / 5 : file (RHSA-2007:0124)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8E01AB5B094911DC8163000E0C2E438A.NASL
    description When writing data into a buffer in the file_printf function, the length of the unused portion of the buffer is not correctly tracked, resulting in a buffer overflow when processing certain files. Impact : An attacker who can cause file(1) to be run on a maliciously constructed input can cause file(1) to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file(1). The above also applies to any other applications using the libmagic(3) library. Workaround : No workaround is available, but systems where file(1) and other libmagic(3)-using applications are never run on untrusted input are not vulnerable.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25359
    published 2007-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25359
    title FreeBSD : FreeBSD -- heap overflow in file(1) (8e01ab5b-0949-11dc-8163-000e0c2e438a)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0124.NASL
    description From Red Hat Security Advisory 2007:0124 : An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-1536) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67463
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67463
    title Oracle Linux 4 : file (ELSA-2007-0124)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FILE-3034.NASL
    description An integer underflow within the ELF header parsing has been fixed which could lead to arbitrary code execution. CVE-2007-1536 has been assigned to this issue.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29427
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29427
    title SuSE 10 Security Update : file (ZYPP Patch Number 3034)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1274.NASL
    description An integer underflow bug has been found in the file_printf function in file, a tool to determine file types based analysis of file content. The bug could allow an attacker to execute arbitrary code by inducing a local user to examine a specially crafted file that triggers a buffer overflow.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 25008
    published 2007-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25008
    title Debian DSA-1274-1 : file - buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FILE-3033.NASL
    description An integer underflow within the ELF header parsing has been fixed which could lead to arbitrary code execution. CVE-2007-1536 has been assigned to this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27214
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27214
    title openSUSE 10 Security Update : file (file-3033)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200703-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-200703-26 (file: Integer underflow) Jean-Sebastien Guay-Leroux reported an integer underflow in file_printf function. Impact : A remote attacker could entice a user to run the 'file' program on a specially crafted file that would trigger a heap-based buffer overflow possibly leading to the execution of arbitrary code with the rights of the user running 'file'. Note that this vulnerability could be also triggered through an automatic file scanner like amavisd-new. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 24931
    published 2007-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24931
    title GLSA-200703-26 : file: Integer underflow
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-093-01.NASL
    description New file packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and -current to fix a security issue. NOTE: In Slackware 11.0 and earlier, the file utility was part of the required 'bin' package, so this patch is needed even if your machine does not have a 'file' package installed (which, if you're not running Slackware -current, it probably does not).
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 24916
    published 2007-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24916
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 / current : file [and bin package] (SSA:2007-093-01)
oval via4
accepted 2013-04-29T04:07:29.970-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:10658
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
version 24
redhat via4
advisories
bugzilla
id 233337
title CVE-2007-1536 file 4.20 fixes a heap overflow in that can result in arbitrary code execution
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • comment file is earlier than 0:4.10-3.EL4.5
      oval oval:com.redhat.rhsa:tst:20070124002
    • comment file is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070124003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment file is earlier than 0:4.17-9.el5
      oval oval:com.redhat.rhsa:tst:20070124005
    • comment file is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070124006
rhsa
id RHSA-2007:0124
released 2007-03-23
severity Moderate
title RHSA-2007:0124: file security update (Moderate)
rpms
  • file-0:4.10-3.EL4.5
  • file-0:4.17-9.el5
refmap via4
apple APPLE-SA-2007-05-24
bid 23021
bugtraq
  • 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity
  • 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity
cert-vn VU#606700
confirm
debian DSA-1274
freebsd FreeBSD-SA-07:04
gentoo
  • GLSA-200703-26
  • GLSA-200710-19
mandriva MDKSA-2007:067
mlist [file] 20070302 file-4.20 is now available
netbsd NetBSD-SA2008-001
openbsd [4.0] 20070709 015: SECURITY FIX: July 9, 2007
sectrack 1017796
secunia
  • 24548
  • 24592
  • 24604
  • 24608
  • 24616
  • 24617
  • 24723
  • 24754
  • 25133
  • 25393
  • 25402
  • 25931
  • 25989
  • 27307
  • 27314
  • 29179
slackware SSA:2007-093-01
suse
  • SUSE-SA:2007:040
  • SUSE-SR:2007:005
ubuntu USN-439-1
vupen
  • ADV-2007-1040
  • ADV-2007-1939
xf openbsd-file-bo(36283)
Last major update 11-10-2011 - 00:00
Published 20-03-2007 - 16:19
Last modified 16-10-2018 - 12:38