
Test ID: 1.3.6.1.4.1.25623.1.0.59257
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2007:040 (file)
Summary: SuSE Security Advisory SUSE-SA:2007:040 (file)
Description:
The remote host is missing updates announced in
advisory SUSE-SA:2007:040.

A previous security fix for file introduced a new integer overflow
in the file_printf() function, which could potentially be used to execute code.

This has been fixed and updates have been provided.

Since file can be run by automatic scripts, remote exploitation might
be possible.

This issue is tracked by the Mitre CVE ID CVE-2007-2799.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:040

Risk factor : Critical
Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-1536
Bugtraq: 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity
http://www.securityfocus.com/archive/1/archive/1/477861/100/0/threaded
Bugtraq: 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity
http://www.securityfocus.com/archive/1/archive/1/477950/100/0/threaded
http://mx.gw.com/pipermail/file/2007/000161.html
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
Debian Security Information: DSA-1274
http://www.debian.org/security/2007/dsa-1274
FreeBSD Security Advisory: FreeBSD-SA-07:04
http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc
http://security.gentoo.org/glsa/glsa-200703-26.xml
http://security.gentoo.org/glsa/glsa-200710-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:067
NETBSD Security Advisory: NetBSD-SA2008-001
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc
OpenBSD Security Advisory: [4.0] 20070709 015: SECURITY FIX: July 9, 2007
http://openbsd.org/errata40.html#015_file
http://www.redhat.com/support/errata/RHSA-2007-0124.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926
SuSE Security Announcement: SUSE-SR:2007:005
http://www.novell.com/linux/security/advisories/2007_5_sr.html
SuSE Security Announcement: SUSE-SA:2007:040
http://www.novell.com/linux/security/advisories/2007_40_file.html
http://www.ubuntu.com/usn/usn-439-1
CERT/CC vulnerability note: VU#606700
http://www.kb.cert.org/vuls/id/606700
BugTraq ID: 23021
http://www.securityfocus.com/bid/23021
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10658
http://www.vupen.com/english/advisories/2007/1040
http://www.vupen.com/english/advisories/2007/1939
http://www.securitytracker.com/id?1017796
http://secunia.com/advisories/24548
http://secunia.com/advisories/24604
http://secunia.com/advisories/24616
http://secunia.com/advisories/24617
http://secunia.com/advisories/24592
http://secunia.com/advisories/24608
http://secunia.com/advisories/24723
http://secunia.com/advisories/24754
http://secunia.com/advisories/25133
http://secunia.com/advisories/25393
http://secunia.com/advisories/25402
http://secunia.com/advisories/25931
http://secunia.com/advisories/25989
http://secunia.com/advisories/27307
http://secunia.com/advisories/27314
http://secunia.com/advisories/29179
XForce ISS Database: openbsd-file-bo(36283)
http://xforce.iss.net/xforce/xfdb/36283
Common Vulnerability Exposure (CVE) ID: CVE-2007-2799
Bugtraq: 20070524 FLEA-2007-0022-1: file
http://www.securityfocus.com/archive/1/archive/1/469520/30/6420/threaded
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Debian Security Information: DSA-1343
http://www.debian.org/security/2007/dsa-1343
http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:114
http://www.redhat.com/support/errata/RHSA-2007-0391.html
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-439-2
BugTraq ID: 24146
http://www.securityfocus.com/bid/24146
http://osvdb.org/38498
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11012
http://www.vupen.com/english/advisories/2007/2071
http://www.vupen.com/english/advisories/2008/0924/references
http://www.securitytracker.com/id?1018140
http://secunia.com/advisories/25394
http://secunia.com/advisories/25544
http://secunia.com/advisories/25578
http://secunia.com/advisories/26203
http://secunia.com/advisories/26294
http://secunia.com/advisories/26415
http://secunia.com/advisories/29420
XForce ISS Database: file-assert-code-execution(34731)
http://xforce.iss.net/xforce/xfdb/34731
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
