Integer Overflow Vulnerability in file_printf of the File(1) Utility

admin 2022-07-23 01:50:01 CNNVD Vulnerabilities Source: ZONE.CI

Vulnerability Details

Integer Overflow Vulnerability in file_printf of the File(1) Utility

  • CNNVD ID: CNNVD-200703-452
  • Severity: Medium
  • CVE ID: CVE-2007-1536
  • Vulnerability type: Numeric error
  • Published: 2007-03-20
  • Threat type: Remote
  • Updated: 2007-06-27
  • Vendor: file
  • Vulnerability source: Jean-Sebastien Gua...

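Vulnerability Summary

File(1) is a command-line tool for viewing file type information. The file_printf function of the File tool contains an integer underflow vulnerability. If a user runs the File command on a specially crafted file, a heap overflow can be triggered, leading to execution of arbitrary instructions.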

Vulnerability Advisory

Vendor patch:

Debian
------

Debian has released a security advisory (DSA-1274-1) and corresponding patches for this issue:

DSA-1274-1: New file packages fix arbitrary code execution

Link: http://www.debian.org/security/2007/dsa-1274

Patch downloads:

References

  • Source: VU#606700 Name: VU#606700 Link: http://www.kb.cert.org/vuls/id/606700
  • Source: SECUNIA Name: 24548 Link: http://secunia.com/advisories/24548
  • Source: MLIST Name: [file] 20070302 file-4.20 is now available Link: http://mx.gw.com/pipermail/file/2007/000161.HTML
  • Source: issues.rpath.com Link: https://issues.rpath.com/browse/RPL-1148
  • Source: bugs.gentoo.org Link: https://bugs.gentoo.org/show_bug.cgi?id=171452
  • Source: UBUNTU Name: USN-439-1 Link: http://www.ubuntu.com/usn/usn-439-1
  • Source: SECTRACK Name: 1017796 Link: http://www.securitytracker.com/id?1017796
  • Source: BID Name: 23021 Link: http://www.securityfocus.com/bid/23021
  • Source: REDHAT Name: RHSA-2007:0124 Link: http://www.redhat.com/support/errata/RHSA-2007-0124.HTML
  • Source: SUSE Name: SUSE-SR:2007:005 Link: http://www.novell.com/linux/security/advisories/2007_5_sr.HTML
  • Source: VUPEN Name: ADV-2007-1040 Link: http://www.frsirt.com/english/advisories/2007/1040
  • Source: DEBIAN Name: DSA-1274 Link: http://www.debian.org/security/2007/dsa-1274
  • Source: support.avaya.com Link: http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm
  • Source: SLACKWARE Name: SSA:2007-093-01 Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926
  • Source: GENTOO Name: GLSA-200703-26 Link: http://security.gentoo.org/glsa/glsa-200703-26.xml
  • Source: SECUNIA Name: 25133 Link: http://secunia.com/advisories/25133
  • Source: SECUNIA Name: 24754 Link: http://secunia.com/advisories/24754
  • Source: SECUNIA Name: 24723 Link: http://secunia.com/advisories/24723
  • Source: SECUNIA Name: 24617 Link: http://secunia.com/advisories/24617
  • Source: SECUNIA Name: 24616 Link: http://secunia.com/advisories/24616
  • Source: SECUNIA Name: 24608 Link: http://secunia.com/advisories/24608
  • Source: SECUNIA Name: 24604 Link: http://secunia.com/advisories/24604
  • Source: SECUNIA Name: 24592 Link: http://secunia.com/advisories/24592
  • Source: MANDRIVA Name: MDKSA-2007:067 Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:067
  • Source: XF Name: openbsd-file-bo(36283) Link: http://xforce.iss.net/xforce/xfdb/36283
  • Source: BUGTRAQ Name: 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity Link: http://www.securityfocus.com/archive/1/archive/1/477950/100/0/threaded
  • Source: BUGTRAQ Name: 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity Link: http://www.securityfocus.com/archive/1/archive/1/477861/100/0/threaded
  • Source: SUSE Name: SUSE-SA:2007:040 Link: http://www.novell.com/linux/security/advisories/2007_40_file.HTML
  • Source: MANDRIVA Name: MDKSA-2007:067 Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:067
  • Source: VUPEN Name: ADV-2007-1939 Link: http://www.frsirt.com/english/advisories/2007/1939
  • Source: GENTOO Name: GLSA-200710-19 Link: http://security.gentoo.org/glsa/glsa-200710-19.xml
  • Source: FREEBSD Name: FreeBSD-SA-07:04 Link: http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc
  • Source: SECUNIA Name: 29179 Link: http://secunia.com/advisories/29179
  • Source: SECUNIA Name: 27314 Link: http://secunia.com/advisories/27314
  • Source: SECUNIA Name: 27307 Link: http://secunia.com/advisories/27307
  • Source: SECUNIA Name: 25989 Link: http://secunia.com/advisories/25989
  • Source: SECUNIA Name: 25931 Link: http://secunia.com/advisories/25931
  • Source: SECUNIA Name: 25402 Link: http://secunia.com/advisories/25402
  • Source: SECUNIA Name: 25393 Link: http://secunia.com/advisories/25393
  • Source: OPENBSD Name: [4.0] 20070709 015: SECURITY FIX: July 9, 2007 Link: http://openbsd.org/errata40.HTML#015_file
  • Source: Apple Name: Apple-SA-2007-05-24 Link: http://lists.apple.com/archives/security-announce/2007/May/msg00004.HTML
  • Source: docs.info.apple.com Link: http://docs.info.apple.com/article.HTML?artnum=305530
  • Source: NETBSD Name: NetBSD-SA2008-001 Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc

Affected Entities

  • File File:4.19

Patches

    None available
