Package name
file
Date
2003-04-17
Advisory ID
MDKSA-2003:030-1
Affected versions
8.2 i586, CS2.1 i586, 8.2 i586, 9.0 i586, CS2.1 x86_64

Problem description

A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous versions. They pose a security threat because an attacker can use them to execute arbitrary code under the privileges of another user. Note that the attacker must first somehow convince the target user to run file against a specially crafted file that triggers the buffer overflow in file.

Update: The 8.2 and 9.0 packages installed data in a different directory than where they should have been installed, which broke compatibility with a small number of programs. These updated packages place those files back in the appropriate location.

Updated packages

8.2 i586

 db8aa6371a0cc8472a326c34e55644b9  ppc/8.2/RPMS/file-3.41-1.2mdk.ppc.rpm
928927e417e426bddff47bb2b44ab2f7  ppc/8.2/SRPMS/file-3.41-1.2mdk.src.rpm

CS2.1 i586

 11dd08bc1e77855ed30a9c0e40f6b15c  corporate/2.1/RPMS/file-3.41-1.2mdk.i586.rpm
928927e417e426bddff47bb2b44ab2f7  corporate/2.1/SRPMS/file-3.41-1.2mdk.src.rpm

8.2 i586

 d5e93ef5b8d037f98545cada5a771df7  8.2/RPMS/file-3.41-1.2mdk.i586.rpm
928927e417e426bddff47bb2b44ab2f7  8.2/SRPMS/file-3.41-1.2mdk.src.rpm

9.0 i586

 11dd08bc1e77855ed30a9c0e40f6b15c  9.0/RPMS/file-3.41-1.2mdk.i586.rpm
928927e417e426bddff47bb2b44ab2f7  9.0/SRPMS/file-3.41-1.2mdk.src.rpm

CS2.1 x86_64

 bac5bc5f65a3eb09a5f19dec54ea9b43  x86_64/corporate/2.1/RPMS/file-3.41-1.2mdk.x86_64.rpm
928927e417e426bddff47bb2b44ab2f7  x86_64/corporate/2.1/SRPMS/file-3.41-1.2mdk.src.rpm
