MDKSA-2003:030

Package name

file

Date

2003-03-06

Advisory ID

MDKSA-2003:030

Affected versions

8.1 i586 , CS2.1 i586 , SNF7.2 i586 , 8.1 i586 , 8.0 i586 , 9.0 i586 , 8.2 i586 , 8.0 i586 , 8.2 i586 , 7.2 i586

Problem description

A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous version. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file.

Updated packages

8.1 i586

 949417f7c98c472b6334e45124754bfa  ia64/8.1/RPMS/file-3.41-1.1mdk.ia64.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  ia64/8.1/SRPMS/file-3.41-1.1mdk.src.rpm

CS2.1 i586

 518493f1a79abf93011e70abfcb0677a  corporate/2.1/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  corporate/2.1/SRPMS/file-3.41-1.1mdk.src.rpm

SNF7.2 i586

 095c2b08eac93b171448eb8a9f1c1ef1  snf7.2/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  snf7.2/SRPMS/file-3.41-1.1mdk.src.rpm

8.1 i586

 8483c0f20b6324217ad8fa30d6ac1277  8.1/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  8.1/SRPMS/file-3.41-1.1mdk.src.rpm

8.0 i586

 47a821812ce592e995615c8e268333c7  8.0/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  8.0/SRPMS/file-3.41-1.1mdk.src.rpm

9.0 i586

 518493f1a79abf93011e70abfcb0677a  9.0/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  9.0/SRPMS/file-3.41-1.1mdk.src.rpm

8.2 i586

 569bdc3120f253b9317a24e956499cb4  8.2/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  8.2/SRPMS/file-3.41-1.1mdk.src.rpm

8.0 i586

 8bcd230d29322f2c486c4834d670410e  ppc/8.0/RPMS/file-3.41-1.1mdk.ppc.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  ppc/8.0/SRPMS/file-3.41-1.1mdk.src.rpm

8.2 i586

 8bab0210d9ad42e7facc76db95a39532  ppc/8.2/RPMS/file-3.41-1.1mdk.ppc.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  ppc/8.2/SRPMS/file-3.41-1.1mdk.src.rpm

7.2 i586

 095c2b08eac93b171448eb8a9f1c1ef1  7.2/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  7.2/SRPMS/file-3.41-1.1mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102
• http://www.idefense.com/advisory/03.04.03.txt