Miembros de
Boletines de Vulnerabilidades |
Múltiples vulnerabilidades en file |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | file 4.20 |
Descripción |
|
|
Se han encontrado múltiples vulnerabilidades en file en la versión 4.20. Las vulnerabilidades son descritas a continuación. - CVE-2007-2026: Se ha encontrado una vulnerabilidad en file en la versión 4.20. La vulnerabilidad reside en un error en el código gnu para las expresiones regulares. Un atacante remoto podría provocar una denegación de servicio mediante un documento manipulado con un gran número de caracteres de relleno. - CVE-2007-2799: Se ha encontrado una vulnerabilidad del tipo desbordamiento de entero en file en la versión 4.20. La vulnerabilidad reside en un parche incorrecto para la vulnerabilidad descrita en el CVE-2007-1536 y cuando es ejecutado en sistemas de 32 bits. Un atacante remoto podría ejecutar código remoto mediante un archivo de gran tamaño que causa un desbordamiento que provoca el salto de un assert() statement. |
|
Solución |
|
|
Actualización de software Mandriva Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/file-4.07-3.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/libmagic1-4.07-3.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/libmagic1-devel-4.07-3.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/libmagic1-static-devel-4.07-3.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/file-4.07-3.2.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/file-4.07-3.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/lib64magic1-4.07-3.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/lib64magic1-devel-4.07-3.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/lib64magic1-static-devel-4.07-3.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/file-4.07-3.2.C30mdk.src.rpm Multi Network Firewall 2.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/i586/file-4.07-3.2.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/i586/libmagic1-4.07-3.2.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/file-4.07-3.2.M20mdk.src.rpm Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/file-4.17-2.2mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libmagic1-4.17-2.2mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libmagic1-devel-4.17-2.2mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libmagic1-static-devel-4.17-2.2mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/python-magic-4.17-2.2mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/file-4.17-2.2mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/file-4.17-2.2mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64magic1-4.17-2.2mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64magic1-devel-4.17-2.2mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64magic1-static-devel-4.17-2.2mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/python-magic-4.17-2.2mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/file-4.17-2.2mdv2007.0.src.rpm Corporate Server 4.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/file-4.14-2.3.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libmagic1-4.14-2.3.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libmagic1-devel-4.14-2.3.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libmagic1-static-devel-4.14-2.3.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/file-4.14-2.3.20060mlcs4.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/file-4.14-2.3.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64magic1-4.14-2.3.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64magic1-devel-4.14-2.3.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64magic1-static-devel-4.14-2.3.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/file-4.14-2.3.20060mlcs4.src.rpm Mandriva Linux 2007.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/file-4.20-1.1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libmagic1-4.20-1.1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libmagic1-devel-4.20-1.1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libmagic1-static-devel-4.20-1.1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/python-magic-4.20-1.1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/file-4.20-1.1mdv2007.1.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/file-4.20-1.1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/lib64magic1-4.20-1.1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/lib64magic1-devel-4.20-1.1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/lib64magic1-static-devel-4.20-1.1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/python-magic-4.20-1.1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/file-4.20-1.1mdv2007.1.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2.dsc http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2.diff.gz http://security.debian.org/pool/updates/main/f/file/file_4.12.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_alpha.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_alpha.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_alpha.deb AMD64 http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_amd64.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_amd64.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_amd64.deb ARM http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_arm.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_arm.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_arm.deb HP Precision http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_hppa.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_hppa.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_i386.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_i386.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_ia64.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_ia64.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_ia64.deb Motorola 680x0 http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_m68k.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_m68k.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_mips.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_mips.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_mips.deb PowerPC http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_powerpc.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_powerpc.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_s390.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_s390.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_sparc.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_sparc.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_sparc.deb Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2.dsc http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2.diff.gz http://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_alpha.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_alpha.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_alpha.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_alpha.deb AMD64 http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_amd64.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_amd64.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_amd64.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_amd64.deb ARM http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_arm.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_arm.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_arm.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_arm.deb HP Precision http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_hppa.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_hppa.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_hppa.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_i386.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_i386.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_i386.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_ia64.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_ia64.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_ia64.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_ia64.deb Big endian MIPS http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_mips.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_mips.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_mips.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_mipsel.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_mipsel.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_mipsel.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_powerpc.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_powerpc.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_powerpc.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_s390.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_s390.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_s390.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_sparc.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_sparc.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_sparc.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_sparc.deb Debian (DSA 1343-2) Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3.diff.gz http://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3.dsc alpha http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_alpha.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_alpha.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_alpha.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_alpha.deb amd64 http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_amd64.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_amd64.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_amd64.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_amd64.deb arm http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_arm.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_arm.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_arm.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_arm.deb hppa http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_hppa.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_hppa.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_hppa.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_hppa.deb i386 http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_i386.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_i386.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_i386.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_i386.deb ia64 http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_ia64.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_ia64.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_ia64.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_ia64.deb mips http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_mips.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_mips.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_mips.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_mips.deb mipsel http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_mipsel.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_mipsel.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_mipsel.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_mipsel.deb powerpc http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_powerpc.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_powerpc.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_powerpc.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_powerpc.deb s390 http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_s390.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_s390.deb http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_s390.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_s390.deb sparc http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch3_sparc.deb http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch3_sparc.deb http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch3_sparc.deb http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch3_sparc.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE |
CVE-2007-2026 CVE-2007-2799 |
| BID | 24146 |
Recursos adicionales |
|
|
Mandriva Security Advisory (MDKSA-2007:114) http://www.mandriva.com/security/advisories?name=MDKSA-2007:114 SUSE Security Advisory (SUSE-SA:2007:040) http://www.novell.com/linux/security/advisories/2007_40_file.html Debian Security Advisory (DSA 1343-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00105.html Debian Security Advisory (DSA 1343-2) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00146.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2007-06-08 |
| 1.1 | Aviso emitido por Suse (SUSE-SA:2007:040) | 2007-07-06 |
| 1.2 | Aviso emitido por Debian (DSA 1343-1) | 2007-08-01 |
| 1.3 | Aviso emitido por Debian (DSA 1343-2) | 2007-09-27 |