ID CVE-2007-2799
Summary Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
References
Vulnerable Configurations
  • cpe:2.3:a:file:file:4.2
  • cpe:2.3:a:sleuth_kit:the_sleuth_kith
CVSS
Base: 5.1 (as of 24-05-2007 - 13:19)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200705-25.NASL
    description The remote host is affected by the vulnerability described in GLSA-200705-25 (file: Integer overflow) Colin Percival from FreeBSD reported that the previous fix for the file_printf() buffer overflow introduced a new integer overflow. Impact : A remote attacker could entice a user to run the file program on an overly large file (more than 1Gb) that would trigger an integer overflow on 32-bit systems, possibly leading to the execution of arbitrary code with the rights of the user running file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25384
    published 2007-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25384
    title GLSA-200705-25 : file: Integer overflow
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070530_FILE_ON_SL5_X.NASL
    description The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60191
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60191
    title Scientific Linux Security Update : file on SL5.x, SL4.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-0836.NASL
    description Update to new upstream 4.21 should also fix CVE-2007-2799 file integer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27681
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27681
    title Fedora 7 : file-4.21-1.fc7 (2007-0836)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-439-2.NASL
    description USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution. Jean-Sebastien Guay-Leroux discovered that 'file' did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the 'file' utility, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28036
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28036
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : file vulnerability (USN-439-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FILE-3755.NASL
    description This update fixes an integer overflow in function file_printf() of file. This bug can be used to execute arbitrary code. (CVE-2007-2799)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29428
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29428
    title SuSE 10 Security Update : file (ZYPP Patch Number 3755)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200710-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-200710-19 (The Sleuth Kit: Integer underflow) Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the 'file' utility which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25) since version 4.20 of 'file' was never shipped with The Sleuth Kit ebuilds. Impact : A remote attacker could entice a user to run The Sleuth Kit on a file system containing a specially crafted file that would trigger a heap-based buffer overflow possibly leading to the execution of arbitrary code with the rights of the user running The Sleuth Kit. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 27517
    published 2007-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27517
    title GLSA-200710-19 : The Sleuth Kit: Integer underflow
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-114.NASL
    description The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file (CVE-2007-2799). As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption (CVE-2007-2026). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25439
    published 2007-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25439
    title Mandrake Linux Security Advisory : file (MDKSA-2007:114)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0391.NASL
    description An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25364
    published 2007-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25364
    title RHEL 4 / 5 : file (RHSA-2007:0391)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0391.NASL
    description An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25355
    published 2007-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25355
    title CentOS 4 / 5 : file (CESA-2007:0391)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1343.NASL
    description Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25826
    published 2007-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25826
    title Debian DSA-1343-1 : file - integer overflow
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0391.NASL
    description From Red Hat Security Advisory 2007:0391 : An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67507
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67507
    title Oracle Linux 4 / 5 : file (ELSA-2007-0391)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FILE-3757.NASL
    description This update fixes an integer overflow in function file_printf() of file. This bug can be used to execute arbitrary code. (CVE-2007-2799)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27216
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27216
    title openSUSE 10 Security Update : file (file-3757)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
oval via4
accepted 2013-04-29T04:10:44.370-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
family unix
id oval:org.mitre.oval:def:11012
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
version 24
redhat via4
advisories
bugzilla
id 241027
title CVE-2007-2799 file integer overflow
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment file is earlier than 0:4.10-3.0.2.el4
      oval oval:com.redhat.rhsa:tst:20070391002
    • comment file is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070124003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment file is earlier than 0:4.17-9.0.1.el5
      oval oval:com.redhat.rhsa:tst:20070391005
    • comment file is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070124006
rhsa
id RHSA-2007:0391
released 2007-05-30
severity Moderate
title RHSA-2007:0391: file security update (Moderate)
rpms
  • file-0:4.10-3.0.2.el4
  • file-0:4.17-9.0.1.el5
refmap via4
apple APPLE-SA-2008-03-18
bid 24146
bugtraq 20070524 FLEA-2007-0022-1: file
confirm
debian DSA-1343
gentoo GLSA-200705-25
mandriva MDKSA-2007:114
netbsd NetBSD-SA2008-001
osvdb 38498
sectrack 1018140
secunia
  • 25394
  • 25544
  • 25578
  • 25931
  • 26203
  • 26294
  • 26415
  • 29179
  • 29420
suse SUSE-SA:2007:040
trustix 2007-0024
ubuntu USN-439-2
vupen
  • ADV-2007-2071
  • ADV-2008-0924
xf file-assert-code-execution(34731)
Last major update 30-10-2012 - 22:36
Published 23-05-2007 - 17:30
Last modified 16-10-2018 - 12:45