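Vulnerability Details
File(1) utility file_printf integer overflow vulnerability
- CNNVD ID: CNNVD-200703-452
- Severity: Medium
- CVE ID: CVE-2007-1536
- Vulnerability type: Numeric error
- Published: 2007-03-20
- Threat type: Remote
- Updated: 2007-06-27
- Vendor: file
- Vulnerability source: Jean-Sebastien Gua...
Vulnerability Summary
File(1) is a command-line tool for viewing file type information. The file_printf function in the File utility contains an integer underflow vulnerability. If a user runs the File command on a specially crafted file, a heap overflow can be triggered, leading to execution of arbitrary instructions.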
Vulnerability Advisory
Vendor patch:
Debian
------
Debian has released a security advisory (DSA-1274-1) and corresponding patches for this issue:
DSA-1274-1: New file packages fix arbitrary code execution
Link: http://www.debian.org/security/2007/dsa-1274
Patch download:
References
- Source: VU#606700; Name: VU#606700; Link: http://www.kb.cert.org/vuls/id/606700
- Source: SECUNIA; Name: 24548; Link: http://secunia.com/advisories/24548
- Source: MLIST; Name: [file] 20070302 file-4.20 is now available; Link: http://mx.gw.com/pipermail/file/2007/000161.HTML
- Source: issues.rpath.com; Link: https://issues.rpath.com/browse/RPL-1148
- Source: bugs.gentoo.org; Link: https://bugs.gentoo.org/show_bug.cgi?id=171452
- Source: UBUNTU; Name: USN-439-1; Link: http://www.ubuntu.com/usn/usn-439-1
- Source: SECTRACK; Name: 1017796; Link: http://www.securitytracker.com/id?1017796
- Source: BID; Name: 23021; Link: http://www.securityfocus.com/bid/23021
- Source: REDHAT; Name: RHSA-2007:0124; Link: http://www.redhat.com/support/errata/RHSA-2007-0124.HTML
- Source: SUSE; Name: SUSE-SR:2007:005; Link: http://www.novell.com/linux/security/advisories/2007_5_sr.HTML
- Source: VUPEN; Name: ADV-2007-1040; Link: http://www.frsirt.com/english/advisories/2007/1040
- Source: DEBIAN; Name: DSA-1274; Link: http://www.debian.org/security/2007/dsa-1274
- Source: support.avaya.com; Link: http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm
- Source: SLACKWARE; Name: SSA:2007-093-01; Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926
- Source: GENTOO; Name: GLSA-200703-26; Link: http://security.gentoo.org/glsa/glsa-200703-26.xml
- Source: SECUNIA; Name: 25133; Link: http://secunia.com/advisories/25133
- Source: SECUNIA; Name: 24754; Link: http://secunia.com/advisories/24754
- Source: SECUNIA; Name: 24723; Link: http://secunia.com/advisories/24723
- Source: SECUNIA; Name: 24617; Link: http://secunia.com/advisories/24617
- Source: SECUNIA; Name: 24616; Link: http://secunia.com/advisories/24616
- Source: SECUNIA; Name: 24608; Link: http://secunia.com/advisories/24608
- Source: SECUNIA; Name: 24604; Link: http://secunia.com/advisories/24604
- Source: SECUNIA; Name: 24592; Link: http://secunia.com/advisories/24592
- Source: MANDRIVA; Name: MDKSA-2007:067; Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:067
- Source: XF; Name: openbsd-file-bo(36283); Link: http://xforce.iss.net/xforce/xfdb/36283
- Source: BUGTRAQ; Name: 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity; Link: http://www.securityfocus.com/archive/1/archive/1/477950/100/0/threaded
- Source: BUGTRAQ; Name: 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity; Link: http://www.securityfocus.com/archive/1/archive/1/477861/100/0/threaded
- Source: SUSE; Name: SUSE-SA:2007:040; Link: http://www.novell.com/linux/security/advisories/2007_40_file.HTML
- Source: MANDRIVA; Name: MDKSA-2007:067; Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:067
- Source: VUPEN; Name: ADV-2007-1939; Link: http://www.frsirt.com/english/advisories/2007/1939
- Source: GENTOO; Name: GLSA-200710-19; Link: http://security.gentoo.org/glsa/glsa-200710-19.xml
- Source: FREEBSD; Name: FreeBSD-SA-07:04; Link: http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc
- Source: SECUNIA; Name: 29179; Link: http://secunia.com/advisories/29179
- Source: SECUNIA; Name: 27314; Link: http://secunia.com/advisories/27314
- Source: SECUNIA; Name: 27307; Link: http://secunia.com/advisories/27307
- Source: SECUNIA; Name: 25989; Link: http://secunia.com/advisories/25989
- Source: SECUNIA; Name: 25931; Link: http://secunia.com/advisories/25931
- Source: SECUNIA; Name: 25402; Link: http://secunia.com/advisories/25402
- Source: SECUNIA; Name: 25393; Link: http://secunia.com/advisories/25393
- Source: OPENBSD; Name: [4.0] 20070709 015: SECURITY FIX: July 9, 2007; Link: http://openbsd.org/errata40.HTML#015_file
- Source: Apple; Name: Apple-SA-2007-05-24; Link: http://lists.Apple.com/archives/security-announce/2007/May/msg00004.HTML
- Source: docs.info.Apple.com; Link: http://docs.info.Apple.com/article.HTML?artnum=305530
- Source: NETBSD; Name: NetBSD-SA2008-001; Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc
Affected Entities
- File File:4.19
Patches
None available