ID CVE-2007-2026
Summary The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
References
Vulnerable Configurations
  • cpe:2.3:a:amavis:virus_scanner
    cpe:2.3:a:amavis:virus_scanner
  • Gentoo File 4.20
    cpe:2.3:a:gentoo:file:4.20
CVSS
Base: 7.8 (as of 17-04-2007 - 13:31)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 79964
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79964
    title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200704-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-200704-13 (File: Denial of Service) Conor Edberg discovered an error in the way file processes a specific regular expression. Impact : A remote attacker could entice a user to open a specially crafted file, using excessive CPU ressources and possibly leading to a Denial of Service. Note that this vulnerability could be also triggered through an automatic file scanner like amavisd-new. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25058
    published 2007-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25058
    title GLSA-200704-13 : File: Denial of Service
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-114.NASL
    description The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file (CVE-2007-2799). As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption (CVE-2007-2026). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25439
    published 2007-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25439
    title Mandrake Linux Security Advisory : file (MDKSA-2007:114)
refmap via4
bid 24146
bugtraq 20070524 FLEA-2007-0022-1: file
confirm
gentoo GLSA-200704-13
mandriva MDKSA-2007:114
misc http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user
secunia
  • 24918
  • 25394
  • 25544
  • 25578
vupen ADV-2007-2071
statements via4
contributor Mark J Cox
lastmodified 2007-06-07
organization Red Hat
statement Not vulnerable. These issues did not affect the versions of file as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 07-03-2011 - 21:53
Published 13-04-2007 - 14:19
Last modified 16-10-2018 - 12:41
Back to Top