Title: File Utility Local Memory Allocation Vulnerability
Severity: MODERATE
Description:
file is a freely available, open source program available for Unix and Linux operating systems.
A problem with the program may result in a denial of service, and may potentially allow the execution of attacker-supplied instructions.
It has been reported that a memory allocation issue exists the file program. Although details of this issue are currently unavailable, it is likely that this issue could be exploited to cause a denial of service condition, and potentially execute code as the user of the file utility.
This problem has been reported as a memory allocation problem. Though unconfirmed, this vulnerability is likely either a heap overflow, or a double-free problem. In either circumstance, it would require an attacker to create the malicious code and place it in a critical portion of the file. Once a user executes the file utility against this file, malicious code embedded in the file would likely be executed with the privileges of the file utility user.
It should also be noted that the file program may be executed by other applications on the system, some of which execute with privileges. This is true of LPRNG, which executes the file utility in the master-filter script. Exploitation may also occur through applications such as less, which execute the file utility when loading a file into the viewer.
Affected Products:
- Caldera OpenLinux Server 3.1.0
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.0
- Caldera OpenLinux Workstation 3.1.1
- Conectiva Linux 6.0.0
- Conectiva Linux 7.0.0
- Conectiva Linux 8.0.0
- FreeBSD FreeBSD 5.0.0
- Immunix Immunix OS 7+
- MandrakeSoft Corporate Server 2.1.0
- MandrakeSoft Linux Mandrake 7.2.0
- MandrakeSoft Linux Mandrake 8.0.0
- MandrakeSoft Linux Mandrake 8.0.0 ppc
- MandrakeSoft Linux Mandrake 8.1.0
- MandrakeSoft Linux Mandrake 8.1.0 ia64
- MandrakeSoft Linux Mandrake 8.2.0
- MandrakeSoft Linux Mandrake 8.2.0 ppc
- MandrakeSoft Linux Mandrake 9.0.0
- MandrakeSoft Single Network Firewall 7.2.0
- RedHat Linux 6.2.0
- RedHat Linux 6.2.0 i386
- RedHat Linux 7.0.0
- RedHat Linux 7.0.0 i386
- RedHat Linux 7.0.0 i686
- RedHat Linux 7.1.0
- RedHat Linux 7.1.0 i386
- RedHat Linux 7.1.0 i586
- RedHat Linux 7.1.0 i686
- RedHat Linux 7.2.0
- RedHat Linux 7.2.0 i386
- RedHat Linux 7.2.0 i586
- RedHat Linux 7.2.0 i686
- RedHat Linux 7.2.0 ia64
- RedHat Linux 7.3.0
- RedHat Linux 7.3.0 i386
- RedHat Linux 8.0.0
- RedHat Linux 8.0.0 i386
- RedHat Linux for iSeries 7.1.0
- RedHat Linux for pSeries 7.1.0
- Sun Cobalt Qube 3
- Sun Cobalt RaQ 4
- Sun Cobalt RaQ 550
- Sun Cobalt RaQ XTR
- Sun LX50
- Sun Linux 5.0.6
- Trustix Secure Linux 1.1.0
- Trustix Secure Linux 1.2.0
- Trustix Secure Linux 1.5.0
- file file 3.28.0
- file file 3.30.0
- file file 3.32.0
- file file 3.33.0
- file file 3.34.0
- file file 3.35.0
- file file 3.36.0
- file file 3.37.0
- file file 3.39.0
- file file 3.40.0
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
