file(1) AFCTR tool read() buffer overflow

file-afctr-read-bo (11469) The risk level is classified as HighHigh Risk

Description:

file(1) is vulnerable to a stack-based buffer overflow in the Automatic File Content Type Recognition Tool (AFCTR tool) , caused by improper bounds checking of user-supplied input that is passed to the read() function. By creating a specially-crafted file and setting the sh_addr variable to more than 32 bytes, a local attacker could overflow a buffer and execute arbitrary code on the system with privileges of the file(1) user, once the victim opens the file using the AFCTR tool.


Consequences:

Gain Privileges

Remedy:

Upgrade to the latest version of file(1) (3.41 or later), as listed in iDEFENSE Security Advisory 03.04.03. See References.

For OpenPKG:
Upgrade to the latest file package, as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2003.017 for more information. See References.

OpenPKG CURRENT: 3.41-20030228 or later
OpenPKG 1.2: 3.39-1.2.1 or later
OpenPKG 1.1: 3.39-1.1.2 or later

For Red Hat Linux:
Upgrade to the latest file package, as listed below. Refer to RHSA-2003:086-09 for more information. See References.

Red Hat 6.2: 3.39-8.6x or later
Red Hat 7.0, 7.1 for iSeries and pSeries, 7.2, and 7.3: 3.39-8.7x or later
Red Hat 8.0: 3.39-9 or later

For Linux-Mandrake 7.2, Mandrake Linux 8.0, 8.1, 8.2, 9.0, Single Network Firewall 7.2 and Corporate Server 2.1:
Upgrade to the latest file package (3.41-1.1mdk or later), available from the MandrakeSoft Security Advisory MDKSA-2003:030 : file. See References.

For EnGarde Secure Linux Community Edition:
Upgrade to the latest file package (3.41-1.0.2 or later), as listed in EnGarde Secure Linux Security Advisory ESA-20030307-008. See References.

For NetBSD-current:
Upgrade to the latest version of NetBSD-current (dated 2003-02-27 or later), as listed in NetBSD Security Advisory 2003-003. See References.

For NetBSD 1.6:
Upgrade to the latest version of NetBSD 1.6 (dated 2003-03-08 or later), as listed in NetBSD Security Advisory 2003-003. See References.

For NetBSD 1.5, 1.5.1, 1.5.2, and 1.5.3:
Upgrade to the latest version of the NetBSD 1.5 branch (dated 2003-03-09 or later), as listed in NetBSD Security Advisory 2003-003. See References.

For SuSE Linux:
Upgrade to the latest file package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2003:017 for more information. See References.

SuSE 8.0 and 8.1: 3.37-206 or later
SuSE 7.3: 3.33-85 or later
SuSE 7.1: 3.32-118 or later
SuSE 7.3 (Sparc): 3.33-39 or later
SuSE 7.1 (AXP Alpha): 3.32-69 or later
SuSE 7.3 (PPC Power PC): 3.33-69 or later
SuSE 7.1 (PPC Power PC): 3.32-36 or later

For Mandrake Linux:
Upgrade to the latest file package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:030-1 : file for more information. See References.

Mandrake Linux 8.2, 9.0, and Corporate Server 2.1: 3.41-1.2mdk or later

For Caldera OpenLinux 3.1 and 3.1.1 (Workstation and Server):
Upgrade to the latest version of file (3.28-8 or later), as listed in SCO Security Advisory CSSA-2003-018.0. See References.

For Immunix OS 7+:
Upgrade to the latest version of file (3.30-7_imnx_3.41_1 or later), as listed in Immunix OS Security Advisory IMNX-2003-7+-012-01. See References.

For Sun Linux 5.0:
Apply the appropriate patch for your system. Refer to Sun Alert ID: 56040 for more information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Platforms Affected:

  • Christos Zoulas file(1) 3.39 and prior
  • Debian Debian Linux 2.2
  • Debian Debian Linux 3.0
  • EngardeLinux Secure Community 1.0.1
  • EngardeLinux Secure Linux
  • EngardeLinux Secure Professional
  • Immunix Immunix OS 7+-beta
  • MandrakeSoft Mandrake Linux 7.2
  • MandrakeSoft Mandrake Linux 8.0
  • MandrakeSoft Mandrake Linux 8.0 PPC
  • MandrakeSoft Mandrake Linux 8.1 IA64
  • MandrakeSoft Mandrake Linux 8.1
  • MandrakeSoft Mandrake Linux 8.2 PPC
  • MandrakeSoft Mandrake Linux 8.2
  • MandrakeSoft Mandrake Linux 9.0
  • MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
  • NetBSD NetBSD 1.5
  • NetBSD NetBSD 1.5.1
  • NetBSD NetBSD 1.5.2
  • NetBSD NetBSD 1.5.3
  • NetBSD NetBSD 1.6
  • NetBSD NetBSD CURRENT
  • Novell SuSE Linux Enterprise Server 7.0
  • OpenPKG OpenPKG 1.1
  • OpenPKG OpenPKG 1.2
  • OpenPKG OpenPKG CURRENT
  • RedHat Enterprise Linux 2.1 AS
  • RedHat Enterprise Linux 2.1 ES
  • RedHat Enterprise Linux 2.1 WS
  • RedHat Linux 6.2
  • RedHat Linux 7
  • RedHat Linux 7.1
  • RedHat Linux 7.1 for iSeries
  • RedHat Linux 7.1 for pSeries
  • RedHat Linux 7.2
  • RedHat Linux 7.3
  • RedHat Linux 8.0
  • RedHat Linux Advanced Workstation 2.1 Itanium
  • SCO Caldera OpenLinux Server 3.1
  • SCO Caldera OpenLinux Server 3.1.1
  • SCO Caldera OpenLinux Workstation 3.1
  • SCO Caldera OpenLinux Workstation 3.1.1
  • Sun Linux 5.0
  • SuSE Linux Enterprise Server 8
  • SuSE SuSE eMail Server 3.1
  • SuSE SuSE eMail Server III
  • SUSE SuSE Linux 7.1
  • SUSE SuSE Linux 7.2
  • SUSE SuSE Linux 7.3
  • SUSE SuSE Linux 8.0
  • SUSE SuSE Linux 8.1
  • SuSE SuSE Linux Connectivity Server
  • SuSE SuSE Linux Database Server
  • SuSE SuSE Linux Firewall
  • SuSE SuSE Linux Office Server

Reported:

Mar 04, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page