English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58270
Category:FreeBSD Local Security Checks
Title:FreeBSD Security Advisory (FreeBSD-SA-07:04.file.asc)
Summary:FreeBSD Security Advisory (FreeBSD-SA-07:04.file.asc)
Description:The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-07:04.file.asc

The file(1) utility attempts to classify file system objects based on
filesystem, magic number and language tests.

The libmagic(3) library provides most of the functionality of file(1)
and may be used by other applications.

When writing data into a buffer in the file_printf function, the length
of the unused portion of the buffer is not correctly tracked, resulting
in a buffer overflow when processing certain files.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date

http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-07:04.file.asc
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1536
Bugtraq: 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity (Google Search)
http://www.securityfocus.com/archive/1/archive/1/477861/100/0/threaded
Bugtraq: 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity (Google Search)
http://www.securityfocus.com/archive/1/archive/1/477950/100/0/threaded
http://mx.gw.com/pipermail/file/2007/000161.html
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
Debian Security Information: DSA-1274 (Google Search)
http://www.debian.org/security/2007/dsa-1274
FreeBSD Security Advisory: FreeBSD-SA-07:04
http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc
http://security.gentoo.org/glsa/glsa-200703-26.xml
http://security.gentoo.org/glsa/glsa-200710-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:067
NETBSD Security Advisory: NetBSD-SA2008-001
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc
OpenBSD Security Advisory: [4.0] 20070709 015: SECURITY FIX: July 9, 2007
http://openbsd.org/errata40.html#015_file
http://www.redhat.com/support/errata/RHSA-2007-0124.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926
SuSE Security Announcement: SUSE-SR:2007:005 (Google Search)
http://www.novell.com/linux/security/advisories/2007_5_sr.html
SuSE Security Announcement: SUSE-SA:2007:040 (Google Search)
http://www.novell.com/linux/security/advisories/2007_40_file.html
http://www.ubuntu.com/usn/usn-439-1
CERT/CC vulnerability note: VU#606700
http://www.kb.cert.org/vuls/id/606700
BugTraq ID: 23021
http://www.securityfocus.com/bid/23021
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10658
http://www.vupen.com/english/advisories/2007/1040
http://www.vupen.com/english/advisories/2007/1939
http://www.securitytracker.com/id?1017796
http://secunia.com/advisories/24548
http://secunia.com/advisories/24604
http://secunia.com/advisories/24616
http://secunia.com/advisories/24617
http://secunia.com/advisories/24592
http://secunia.com/advisories/24608
http://secunia.com/advisories/24723
http://secunia.com/advisories/24754
http://secunia.com/advisories/25133
http://secunia.com/advisories/25393
http://secunia.com/advisories/25402
http://secunia.com/advisories/25931
http://secunia.com/advisories/25989
http://secunia.com/advisories/27307
http://secunia.com/advisories/27314
http://secunia.com/advisories/29179
XForce ISS Database: openbsd-file-bo(36283)
http://xforce.iss.net/xforce/xfdb/36283
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.