FreeBSD : FreeBSD -- heap overflow in file(1) (8e01ab5b-0949-11dc-8163-000e0c2e438a)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

When writing data into a buffer in the file_printf function, the
length of the unused portion of the buffer is not correctly tracked,
resulting in a buffer overflow when processing certain files.

Impact : An attacker who can cause file(1) to be run on a maliciously
constructed input can cause file(1) to crash. It may be possible for
such an attacker to execute arbitrary code with the privileges of the
user running file(1).

The above also applies to any other applications using the libmagic(3)
library.

Workaround : No workaround is available, but systems where
file(1) and other libmagic(3)-using applications are never run on
untrusted input are not vulnerable.
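
Added example (not libmagic's code and not part of the plugin): a constructed C sketch of the bug class described above, showing unchecked "space left" bookkeeping beside a bounded append. The struct, the function names and the vsnprintf-based pattern are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical output buffer; names are illustrative, not libmagic's. */
struct outbuf {
    char   data[32];
    size_t used;   /* bytes written so far, excluding the NUL */
};

/* Flawed bookkeeping (assumed pattern): vsnprintf() returns the length the
 * output WOULD have had, so subtracting it unchecked wraps the unsigned
 * "space left" counter and later writes are no longer bounded. */
static size_t naive_left_after(size_t left, int would_write)
{
    return left - (size_t)would_write;
}

/* Hardened append: 0 on success, -1 on error or truncation. "used" never
 * exceeds sizeof(data) - 1, so the size passed to vsnprintf() is >= 1. */
static int out_printf(struct outbuf *o, const char *fmt, ...)
{
    size_t left = sizeof(o->data) - o->used;
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(o->data + o->used, left, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;                      /* formatting error */
    if ((size_t)n >= left) {            /* output was truncated */
        o->used = sizeof(o->data) - 1;  /* full, still NUL-terminated */
        return -1;
    }
    o->used += (size_t)n;
    return 0;
}

int main(void)
{
    struct outbuf o = { "", 0 };
    out_printf(&o, "%s", "ELF 64-bit LSB executable, "); /* constructed */
    int rc = out_printf(&o, "%s", "dynamically linked");
    printf("rc=%d used=%zu left(naive)=%zu\n", rc, o.used, naive_left_after(5, 18));
    return 0;
}
```
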

See also :

http://www.nessus.org/u?e200d521

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25359 (freebsd_pkg_8e01ab5b094911dc8163000e0c2e438a.nasl)

Bugtraq ID: 23021

CVE ID: CVE-2007-1536
