Launchpad.net

CVE 2007-2799

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
BID: 24146
CONFIRM: https://issues.rpath.c...
CONFIRM: http://www.amavis.org/...
GENTOO: GLSA-200705-25
REDHAT: RHSA-2007:0391
SECTRACK: 1018140
SECUNIA: 25394
SECUNIA: 25544
UBUNTU: USN-439-2
SECUNIA: 25578
SUSE: SUSE-SA:2007:040
SECUNIA: 25931
CONFIRM: http://support.avaya.c...
SECUNIA: 26203
DEBIAN: DSA-1343
SECUNIA: 26294
TRUSTIX: 2007-0024
SECUNIA: 26415
MANDRIVA: MDKSA-2007:114
NETBSD: NetBSD-SA2008-001
SECUNIA: 29179
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
VUPEN: ADV-2007-2071
VUPEN: ADV-2008-0924
OSVDB: 38498
XF: file-assert-code-execu...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070524 FLEA-2007-002...

Launchpad.net

CVE 2007-2799

Related bugs

References