Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2007:0391
HistoryMay 30, 2007 - 6:29 p.m.

file security update

2007-05-3018:29:19
CentOS Project
lists.centos.org
52

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.049

Percentile

92.8%

JSON

CentOS Errata and Security Advisory CESA-2007:0391

The file command is used to identify a particular file according to the
type of data contained by the file.

The fix for CVE-2007-1536 introduced a new integer underflow flaw in the
file utility. An attacker could create a carefully crafted file which, if
examined by a victim using the file utility, could lead to arbitrary code
execution. (CVE-2007-2799)

This issue did not affect the version of the file utility distributed with
Red Hat Enterprise Linux 2.1 or 3.

Users should upgrade to this erratum package, which contain a backported
patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075985.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075986.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075993.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075995.html
https://lists.centos.org/pipermail/centos-announce/2007-May/076001.html
https://lists.centos.org/pipermail/centos-announce/2007-May/076002.html

Affected packages:
file

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0391

Related

openvas 40
nessus 29
redhat 2
prion 2
securityvulns 1
gentoo 4
cvelist 2
suse 1
cve 2
ubuntucve 2
debiancve 2
veracode 1
nvd 2
slackware 1
cert 1
exploitdb 1
oraclelinux 2
centos 1
freebsd 1
freebsd_advisory 1
fedora 4
ubuntu 2
debian 5
osv 2
seebug 2
openvas
openvas
Gentoo Security Advisory GLSA 200710-19 (sleuthkit)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200710-19 (sleuthkit)
2008-09-24 00:00:00
SuSE Update for file SUSE-SA:2007:040
2009-01-28 00:00:00
nessus
nessus
CentOS 4 / 5 : file (CESA-2007:0391)
2007-06-01 00:00:00
RHEL 4 / 5 : file (RHSA-2007:0391)
2007-06-01 00:00:00
Oracle Linux 4 / 5 : file (ELSA-2007-0391)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2007:0391) Moderate: file security update
2007-05-30 00:00:00
(RHSA-2007:0124) Moderate: file security update
2007-03-23 00:00:00
prion
prion
Integer overflow
2007-05-23 21:30:00
Design/Logic Flaw
2007-03-20 20:19:00
securityvulns
securityvulns
file utilities integer overflow
2007-03-24 00:00:00
gentoo
gentoo
The Sleuth Kit: Integer underflow
2007-10-18 00:00:00
file: Integer underflow
2007-03-30 00:00:00
file: Integer overflow
2007-05-31 00:00:00
cvelist
cvelist
CVE-2007-2799
2007-05-23 21:00:00
CVE-2007-1536
2007-03-20 20:00:00
suse
suse
potential code execution in file
2007-07-04 13:45:34
cve
cve
CVE-2007-2799
2007-05-23 21:30:00
CVE-2007-1536
2007-03-20 20:19:00
ubuntucve
ubuntucve
CVE-2007-2799
2007-05-23 00:00:00
CVE-2007-1536
2007-03-20 00:00:00
debiancve
debiancve
CVE-2007-2799
2007-05-23 21:30:00
CVE-2007-1536
2007-03-20 20:19:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:18:35
nvd
nvd
CVE-2007-2799
2007-05-23 21:30:00
CVE-2007-1536
2007-03-20 20:19:00
slackware
slackware
[slackware-security] file [and bin package]
2007-04-03 23:22:39
cert
cert
file integer overflow vulnerability
2007-03-26 00:00:00
exploitdb
exploitdb
File(1) 4.13 - Command File_PrintF Integer Underflow
2007-03-19 00:00:00
oraclelinux
oraclelinux
Moderate: file security update
2007-03-23 00:00:00
Moderate: file security update
2007-05-30 00:00:00
centos
centos
file security update
2007-03-23 22:21:06
freebsd
freebsd
FreeBSD -- heap overflow in file(1)
2007-05-23 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-07:04.file
2007-05-23 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: file-4.19-2.fc6
2007-03-30 16:07:48
[SECURITY] Fedora Core 5 Update: file-4.21-1.fc5
2007-06-11 20:01:12
[SECURITY] Fedora 7 Update: file-4.21-1.fc7
2007-07-03 16:23:52
ubuntu
ubuntu
file vulnerability
2007-03-22 00:00:00
file vulnerability
2007-06-11 00:00:00
debian
debian
[SECURITY] [DSA 1274-1] New file packages fix arbitrary code execution
2007-04-02 12:10:57
[SECURITY] [DSA 1274-1] New file packages fix arbitrary code execution
2007-04-02 12:10:57
[SECURITY] [DSA 1343-1] New file packages fix arbitrary code execution
2007-07-31 21:36:42
osv
osv
file
2007-07-31 00:00:00
file
2007-07-31 00:00:00
seebug
seebug
Fileๅคšไธชๆ‹’็ปๆœๅŠกๆผๆดž
2007-08-08 00:00:00
Apple Mac OS X 2007-005ๅคšไธชๅฎ‰ๅ…จๆผๆดž
2007-05-25 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.049

Percentile

92.8%

JSON
Related for CESA-2007:0391
openvas40nessus29redhat2prion2securityvulns1gentoo4cvelist2suse1cve2ubuntucve2debiancve2veracode1nvd2slackware1cert1exploitdb1oraclelinux2centos1freebsd1freebsd_advisory1fedora4ubuntu2debian5osv2seebug2