Test ID:	1.3.6.1.4.1.25623.1.0.59663
Category:	Turbolinux Local Security Tests
Title:	Turbolinux TLSA-2007-22 (file)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to file announced via advisory TLSA-2007-22. File tests each argument in an attempt to classify it. There are three sets of tests, performed in this order: filesystem tests, magic number tests, and language tests. The first test that succeeds causes the file type to be printed. The integer underflow exists in file command. This vulnerability may allow attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2007-22 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1536 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html BugTraq ID: 23021 http://www.securityfocus.com/bid/23021 Bugtraq: 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity (Google Search) http://www.securityfocus.com/archive/1/477861/100/0/threaded Bugtraq: 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity (Google Search) http://www.securityfocus.com/archive/1/477950/100/0/threaded CERT/CC vulnerability note: VU#606700 http://www.kb.cert.org/vuls/id/606700 Debian Security Information: DSA-1274 (Google Search) http://www.debian.org/security/2007/dsa-1274 FreeBSD Security Advisory: FreeBSD-SA-07:04 http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc http://security.gentoo.org/glsa/glsa-200703-26.xml http://security.gentoo.org/glsa/glsa-200710-19.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:067 http://mx.gw.com/pipermail/file/2007/000161.html NETBSD Security Advisory: NetBSD-SA2008-001 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc OpenBSD Security Advisory: [4.0] 20070709 015: SECURITY FIX: July 9, 2007 http://openbsd.org/errata40.html#015_file https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658 http://www.redhat.com/support/errata/RHSA-2007-0124.html http://www.securitytracker.com/id?1017796 http://secunia.com/advisories/24548 http://secunia.com/advisories/24592 http://secunia.com/advisories/24604 http://secunia.com/advisories/24608 http://secunia.com/advisories/24616 http://secunia.com/advisories/24617 http://secunia.com/advisories/24723 http://secunia.com/advisories/24754 http://secunia.com/advisories/25133 http://secunia.com/advisories/25393 http://secunia.com/advisories/25402 http://secunia.com/advisories/25931 http://secunia.com/advisories/25989 http://secunia.com/advisories/27307 http://secunia.com/advisories/27314 http://secunia.com/advisories/29179 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926 SuSE Security Announcement: SUSE-SA:2007:040 (Google Search) http://www.novell.com/linux/security/advisories/2007_40_file.html SuSE Security Announcement: SUSE-SR:2007:005 (Google Search) http://www.novell.com/linux/security/advisories/2007_5_sr.html http://www.ubuntu.com/usn/usn-439-1 http://www.vupen.com/english/advisories/2007/1040 http://www.vupen.com/english/advisories/2007/1939 XForce ISS Database: openbsd-file-bo(36283) https://exchange.xforce.ibmcloud.com/vulnerabilities/36283
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.