Test ID: 1.3.6.1.4.1.25623.1.0.58270
Category: FreeBSD Local Security Checks
Title: FreeBSD Security Advisory (FreeBSD-SA-07:04.file.asc)
Summary: The remote host is missing an update to the system, as announced in the referenced advisory FreeBSD-SA-07:04.file.asc
Description:
Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-07:04.file.asc

Vulnerability Insight:
The file(1) utility attempts to classify file system objects based on
filesystem, magic number and language tests.

The libmagic(3) library provides most of the functionality of file(1)
and may be used by other applications.

When writing data into a buffer in the file_printf function, the length
of the unused portion of the buffer is not correctly tracked, resulting
in a buffer overflow when processing certain files.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1536
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
BugTraq ID: 23021
http://www.securityfocus.com/bid/23021
Bugtraq: 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity
http://www.securityfocus.com/archive/1/477861/100/0/threaded
Bugtraq: 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity
http://www.securityfocus.com/archive/1/477950/100/0/threaded
CERT/CC vulnerability note: VU#606700
http://www.kb.cert.org/vuls/id/606700
Debian Security Information: DSA-1274
http://www.debian.org/security/2007/dsa-1274
FreeBSD Security Advisory: FreeBSD-SA-07:04
http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc
http://security.gentoo.org/glsa/glsa-200703-26.xml
http://security.gentoo.org/glsa/glsa-200710-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:067
http://mx.gw.com/pipermail/file/2007/000161.html
NETBSD Security Advisory: NetBSD-SA2008-001
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc
OpenBSD Security Advisory: [4.0] 20070709 015: SECURITY FIX: July 9, 2007
http://openbsd.org/errata40.html#015_file
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658
http://www.redhat.com/support/errata/RHSA-2007-0124.html
http://www.securitytracker.com/id?1017796
http://secunia.com/advisories/24548
http://secunia.com/advisories/24592
http://secunia.com/advisories/24604
http://secunia.com/advisories/24608
http://secunia.com/advisories/24616
http://secunia.com/advisories/24617
http://secunia.com/advisories/24723
http://secunia.com/advisories/24754
http://secunia.com/advisories/25133
http://secunia.com/advisories/25393
http://secunia.com/advisories/25402
http://secunia.com/advisories/25931
http://secunia.com/advisories/25989
http://secunia.com/advisories/27307
http://secunia.com/advisories/27314
http://secunia.com/advisories/29179
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926
SuSE Security Announcement: SUSE-SA:2007:040
http://www.novell.com/linux/security/advisories/2007_40_file.html
SuSE Security Announcement: SUSE-SR:2007:005
http://www.novell.com/linux/security/advisories/2007_5_sr.html
http://www.ubuntu.com/usn/usn-439-1
http://www.vupen.com/english/advisories/2007/1040
http://www.vupen.com/english/advisories/2007/1939
XForce ISS Database: openbsd-file-bo(36283)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36283
Copyright: Copyright (C) 2008 E-Soft Inc.
