what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2007-1536

Status Candidate

Overview

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

Related Files

Gentoo Linux Security Advisory 201412-11
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

tags | advisory, remote, arbitrary, x86, vulnerability
systems | linux, gentoo
advisories | CVE-2007-0720, CVE-2007-1536, CVE-2007-2026, CVE-2007-2445, CVE-2007-2741, CVE-2007-3108, CVE-2007-4995, CVE-2007-5116, CVE-2007-5135, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5849, CVE-2010-1205, CVE-2013-0338, CVE-2013-0339, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877, CVE-2014-0160
SHA-256 | 0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087
Download | Favorite | View
Gentoo Linux Security Advisory 200710-19
Posted Oct 18, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-19 - Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the file utility which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25) since version 4.20 of file was never shipped with The Sleuth Kit ebuilds. Versions less than 2.0.9 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1536, CVE-2007-2799
SHA-256 | 5d8dc392bc814f2430ff4729c0bbb583a93e7c361c2421771358d7ced56bf0e9
Download | Favorite | View
FreeBSD-SA-07-04.file.txt
Posted May 24, 2007
Site security.freebsd.org

FreeBSD Security Advisory - An attacker who can cause file to be run on a maliciously constructed input can cause file to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file. The above also applies to any other applications using the libmagic library.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2007-1536
SHA-256 | 8e2a86c43663ab976f1486f288aeb153a35b6755fa7c13f24c4527aa1cd9f14d
Download | Favorite | View
Debian Linux Security Advisory 1274-1
Posted Apr 3, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1274-1 - An integer underflow bug has been found in the file_printf function in file, a tool to determine file types based analysis of file content. The bug could allow an attacker to execute arbitrary code by inducing a local user to examine a specially crafted file that triggers a buffer overflow.

tags | advisory, overflow, arbitrary, local
systems | linux, debian
advisories | CVE-2007-1536
SHA-256 | 391c88e04422b21a20d2d064764b5af7e5efa1e26a113210c50cb29d42a83596
Download | Favorite | View
Gentoo Linux Security Advisory 200703-26
Posted Apr 2, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200703-26 - Jean-S

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1536
SHA-256 | ce1c65bc507a25ed70388b1698af784c5d3905013a8714609d2cead5303469fd
Download | Favorite | View
Mandriva Linux Security Advisory 2007.067
Posted Mar 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Jean-Sebastien Guay-Leroux discovered an integer underflow in the file_printf() function in file prior to 4.20 that allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-1536
SHA-256 | 73404ee6b9cfa61253385a98da5075f54bc1d529bf4bec08ee9a5925329ba5c3
Download | Favorite | View
Ubuntu Security Notice 439-1
Posted Mar 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 439-1 - Jean-Sebastien Guay-Leroux discovered that "file" did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the "file" utility, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-1536
SHA-256 | 4d1da7553bbccf35ace2f6eff54746863923585f6832730a046e7187e47d88b2
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close