|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-439-2 (file)|
|Summary:||Ubuntu USN-439-2 (file)|
The remote host is missing an update to file
announced via advisory USN-439-2.
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
USN-439-1 fixed a vulnerability in file. The original fix did not
fully solve the problem. This update provides a more complete solution.
Original advisory details:
Jean-Sebastien Guay-Leroux discovered that file did not correctly
check the size of allocated heap memory. If a user were tricked into
examining a specially crafted file with the file utility, a remote
attacker could execute arbitrary code with user privileges.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
In general, a standard system upgrade is sufficient to effect the
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2007-2799|
Bugtraq: 20070524 FLEA-2007-0022-1: file (Google Search)
Debian Security Information: DSA-1343 (Google Search)
NETBSD Security Advisory: NetBSD-SA2008-001
SuSE Security Announcement: SUSE-SA:2007:040 (Google Search)
BugTraq ID: 24146
XForce ISS Database: file-assert-code-execution(34731)
|Copyright||Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com|
|This is only one of 39087 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.