Boletines de Vulnerabilidades

DSA-2861 file - denial of service

Información sobre el sistema
   
Software afectado Debian

Descripción
It was discovered that file, a file type classification tool, contains aflaw in the handling of indirect magic rules in the libmagic library,which leads to an infinite recursion when trying to determine the filetype of certain files. The Common Vulnerabilities and Exposures projectID CVE-2014-1943 has been assigned to identify this flaw. Additionally,other well-crafted files might result in long computation times (whileusing 100% CPU) and overlong results.

More info:

http://www.debian.org/security/2014/dsa-2861

Identificadores estándar
Propiedad Valor
CVE CVE-2014-1943 and DSA-2861.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-02-18

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT