Simon L. Nielsen wrote:
On 2007.03.29 16:22:58 +0200, Thomas Vogt wrote:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
"Integer underflow in the file_printf function in the "file" program
before 4.20 allows user-assisted attackers to execute arbitrary code via
a file that triggers a heap-based buffer overflow."
Is FreeBSD 5.x/6.x affected too? It looks like the system has file 4.12. The
port has 4.20.
Hey,
While I haven't confirmed FreeBSD is vulnerable, I assume that is the
case. In any case, we (The FreeBSD Security Team) are working on this
issue.
In any case, I'd also be happy to see the base file upgraded, since the
current one has some known issues. E.g. it coredumps sometimes when
used from amavisd-new, while the newer version from ports works well.
Gabor