RHEL 4 / 5 : file (RHSA-2007:0124)
High Nessus Plugin ID 24897
SynopsisThe remote Red Hat host is missing a security update.
DescriptionAn updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The file command is used to identify a particular file according to the type of data contained by the file.
An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution.
This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3.
Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
SolutionUpdate the affected file package.