GLSA-200703-26 : file: Integer underflow

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200703-26
(file: Integer underflow)

Jean-Sebastien Guay-Leroux reported an integer underflow in
file_printf function.

Impact :

A remote attacker could entice a user to run the 'file' program on a
specially crafted file that would trigger a heap-based buffer overflow
possibly leading to the execution of arbitrary code with the rights of
the user running 'file'. Note that this vulnerability could be also
triggered through an automatic file scanner like amavisd-new.

Workaround :

There is no known workaround at this time.

See also :

Solution :

Since file is a system package, all Gentoo users should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/file-4.20'

Risk factor :

High / CVSS Base Score : 9.3

Family: Gentoo Local Security Checks

Nessus Plugin ID: 24931 (gentoo_GLSA-200703-26.nasl)

Bugtraq ID:

CVE ID: CVE-2007-1536

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now