GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Oct 08, 2017 2:26 pm Post subject: [ GLSA 201710-02 ] file |
 |
|
Gentoo Linux Security Advisory
Title: file: Stack-based buffer overflow (GLSA 201710-02)
Severity: normal
Exploitable: remote
Date: 2017-10-08
Bug(s): #629872
ID: 201710-02
Synopsis
A stack-based buffer overflow was found in file, possibly resulting
in the execution of arbitrary code.
Background
file is a utility that guesses a file format by scanning binary data for
patterns.
Affected Packages
Package: sys-apps/file
Vulnerable: < 5.32
Unaffected: >= 5.32
Architectures: All supported architectures
Description
An issue discovered in file allows attackers to write 20 bytes to the
stack buffer via a specially crafted .notes section.
Impact
A remote attacker, by using a specially crafted .notes section in an ELF
binary, could execute arbitrary code or cause a Denial of Service
condition.
Workaround
There is no known workaround at this time.
Resolution
All file users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/file-5.32"
|
References
CVE-2017-1000249
|
|
News & Announcements
