Oracle Linux 4 : file (ELSA-2007-0124)
High Nessus Plugin ID 67463
SynopsisThe remote Oracle Linux host is missing a security update.
DescriptionFrom Red Hat Security Advisory 2007:0124 :
An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The file command is used to identify a particular file according to the type of data contained by the file.
An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution.
This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3.
Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
SolutionUpdate the affected file package.