Executive Summary
Summary | |
---|---|
Title | file vulnerability |
Information | |||
---|---|---|---|
Name | USN-439-2 | First vendor Publication | 2007-06-11 |
Vendor | Ubuntu | Last vendor Modification | 2007-06-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.1 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 6.10, Ubuntu 7.04.

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow: USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution.

Original advisory details: Jean-Sebastien Guay-Leroux discovered that "file" did not correctly |
Original Source
Url : http://www.ubuntu.com/usn/USN-439-2 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11012 | |||
Oval ID: | oval:org.mitre.oval:def:11012 | ||
Title: | Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. | ||
Description: | Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2799 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18466 | |||
Oval ID: | oval:org.mitre.oval:def:18466 | ||
Title: | DSA-1343-2 file | ||
Description: | Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1343-2 CVE-2007-2799 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | file |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19976 | |||
Oval ID: | oval:org.mitre.oval:def:19976 | ||
Title: | DSA-1343-1 file | ||
Description: | Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1343-1 CVE-2007-2799 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | file |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22395 | |||
Oval ID: | oval:org.mitre.oval:def:22395 | ||
Title: | ELSA-2007:0391: file security update (Moderate) | ||
Description: | Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0391-02 CVE-2007-2799 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | file |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for file File : nvt/sles10_file.nasl |
2009-04-09 | Name : Mandriva Update for file MDKSA-2007:114 (file) File : nvt/gb_mandriva_MDKSA_2007_114.nasl |
2009-03-23 | Name : Ubuntu Update for file vulnerability USN-439-2 File : nvt/gb_ubuntu_USN_439_2.nasl |
2009-02-27 | Name : Fedora Update for file FEDORA-2007-0836 File : nvt/gb_fedora_2007_0836_file_fc7.nasl |
2009-02-27 | Name : Fedora Update for file FEDORA-2007-538 File : nvt/gb_fedora_2007_538_file_fc6.nasl |
2009-02-27 | Name : Fedora Update for file FEDORA-2007-541 File : nvt/gb_fedora_2007_541_file_fc5.nasl |
2009-01-28 | Name : SuSE Update for file SUSE-SA:2007:040 File : nvt/gb_suse_2007_040.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-25 (file) File : nvt/glsa_200705_25.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-19 (sleuthkit) File : nvt/glsa_200710_19.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1343-1 (file) File : nvt/deb_1343_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1343-2 (file) File : nvt/deb_1343_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38498 | GNU file File Handling Local Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0391.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20070530_file_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_file-3755.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-439-2.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0836.nasl - Type : ACT_GATHER_INFO |
2007-10-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-19.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_file-3757.nasl - Type : ACT_GATHER_INFO |
2007-08-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1343.nasl - Type : ACT_GATHER_INFO |
2007-06-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-538.nasl - Type : ACT_GATHER_INFO |
2007-06-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-541.nasl - Type : ACT_GATHER_INFO |
2007-06-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-114.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-25.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0391.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0391.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:04:15 |