ID CVE-2007-2026
Summary The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
References
Vulnerable Configurations
  • cpe:2.3:a:amavis:virus_scanner:*:*:*:*:*:*:*:*
    cpe:2.3:a:amavis:virus_scanner:*:*:*:*:*:*:*:*
  • cpe:2.3:a:gentoo:file:4.20:*:*:*:*:*:*:*
    cpe:2.3:a:gentoo:file:4.20:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 16-10-2018 - 16:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 24146
bugtraq 20070524 FLEA-2007-0022-1: file
confirm
gentoo GLSA-200704-13
mandriva MDKSA-2007:114
misc http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user
secunia
  • 24918
  • 25394
  • 25544
  • 25578
vupen ADV-2007-2071
statements via4
contributor Mark J Cox
lastmodified 2007-06-07
organization Red Hat
statement Not vulnerable. These issues did not affect the versions of file as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 16-10-2018 - 16:41
Published 13-04-2007 - 18:19
Back to Top