file - CVE-2007-2799: incorrect patch for CVE-2007-1536

Related Vulnerabilities: CVE-2007-2799, CVE-2007-1536

Debian Bug report logs - #428293
Package: file; Maintainer for file is Christoph Biedl <debian.axhn@manchmal.in-ulm.de>; Source for file is src:file.

Reported by: Bastian Blank <waldi@debian.org>

Date: Sun, 10 Jun 2007 14:03:01 UTC

Severity: serious

Tags: security

Found in version file/4.17-5etch4

Fixed in version file/4.17-5etch4

Done: Daniel Baumann <daniel@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#428293; Package file.


Acknowledgement sent to Bastian Blank <waldi@debian.org>:
New Bug report received and forwarded. Copy sent to Daniel Baumann <daniel@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Bastian Blank <waldi@debian.org>
To: submit@bugs.debian.org
Subject: file - CVE-2007-2799: incorrect patch for CVE-2007-1536
Date: Sun, 10 Jun 2007 16:02:20 +0200
Package: file
Version: 4.21-1
Severity: serious
Tags: security

| Integer overflow in the "file" program 4.20, when running on 32-bit
| systems, might allow user-assisted attackers to execute arbitrary code
| via a large file that triggers an overflow that bypasses an assert()
| statement. NOTE: this issue is due to an incorrect patch for
| CVE-2007-1536.

Bastian

-- 
Each kiss is as the first.
		-- Miramanee, Kirk's wife, "The Paradise Syndrome",
		   stardate 4842.6

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#428293; Package file.


Acknowledgement sent to Daniel Baumann <daniel@debian.org>:
Extra info received and forwarded to list.


Message #10 received at 428293@bugs.debian.org:

From: Daniel Baumann <daniel@debian.org>
To: 428293@bugs.debian.org
Cc: waldi@debian.org
Subject: Re: Bug#428293: file - CVE-2007-2799: incorrect patch for CVE-2007-1536
Date: Sun, 10 Jun 2007 15:11:10 +0000 (UTC)
> Integer overflow in the "file" program 4.20, when running on 32-bit
> systems, might allow user-assisted attackers to execute arbitrary code
> via a large file that triggers an overflow that bypasses an assert()
> statement. NOTE: this issue is due to an incorrect patch for
> CVE-2007-1536.

As file 4.21 is not affected, only sarge and needs an update. Sending the proposed package to the security team now.

Regards,
Daniel



Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#428293; Package file.


Acknowledgement sent to Touko Korpela <tkorpela@phnet.fi>:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>.


Message #15 received at 428293@bugs.debian.org:

From: Touko Korpela <tkorpela@phnet.fi>
To: Debian Bug Tracking System <428293@bugs.debian.org>
Subject: file: DoS in 4.21-1
Date: Mon, 11 Jun 2007 16:43:22 +0300
Package: file
Version: 4.21-1
Followup-For: Bug #428293

Different issue, but here is information about the DoS bug:
http://www.amavis.org/security/asa-2007-3.txt

-quote begin-
To check, if this issue has been properly fixed, please do
the following steps:

$ perl -e 'for (1..2700) {print "\n" x 10}' >0.lis
$ file 0.lis

The output
"0.lis: ASCII text"
must appear immediately, without creating a huge CPU load.
-quote end-

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (900, 'testing'), (900, 'stable'), (700, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-k7 (SMP w/1 CPU core)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages file depends on:
ii  libc6                         2.5-10     GNU C Library: Shared libraries
ii  libmagic1                     4.21-1     File type determination library us

file recommends no packages.

-- no debconf information
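
The check quoted in the message above, wrapped as a repeatable regression test. This is an added example, not part of the original report or the quoted advisory. The function name `check_file_dos` and the 5-second default limit for "immediately" are assumptions, and `awk` stands in for the advisory's perl one-liner, writing the same 27000 newlines.

```shell
#!/bin/sh
# Regression check for the slow-scan DoS described in the quoted advisory.
# Usage: check_file_dos [FILE_CMD] [LIMIT_SECONDS]
# Returns 0 = fixed, 1 = timed out (still affected), 2 = unexpected output,
#         3 = could not create the sample file.
check_file_dos() {
    file_cmd=${1:-file}   # binary under test (assumed to be on PATH by default)
    limit=${2:-5}         # assumed threshold for "must appear immediately"

    tmpdir=$(mktemp -d) || return 3
    sample="$tmpdir/0.lis"

    # Same content as the advisory's perl one-liner: 2700 * 10 newlines.
    awk 'BEGIN { for (i = 0; i < 27000; i++) print "" }' > "$sample" || {
        rm -rf "$tmpdir"
        return 3
    }

    # timeout(1) exits with 124 when the command exceeds the limit.
    rc=0
    out=$(timeout "$limit" "$file_cmd" "$sample") || rc=$?
    rm -rf "$tmpdir"

    if [ "$rc" -eq 124 ]; then
        echo "FAIL: $file_cmd did not finish within ${limit}s" >&2
        return 1
    fi

    # The advisory expects "0.lis: ASCII text"; the path prefix varies here.
    case $out in
        *": ASCII text"*) return 0 ;;
        *) echo "FAIL: unexpected output: $out" >&2
           return 2 ;;
    esac
}

# Example: check_file_dos /usr/bin/file 5 && echo "DoS check passed"
```

A return value of 1 means the binary is still spending excessive CPU time on the sample, which is the condition the advisory describes.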



Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#428293; Package file.


Acknowledgement sent to daniel@debian.org:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.


Message #20 received at 428293@bugs.debian.org:

From: Daniel Baumann <daniel@debian.org>
To: 428293@bugs.debian.org, control@bugs.debian.org
Date: Tue, 12 Jun 2007 13:21:14 +0200
tags 428293 +etch
thanks

> As file 4.21 is not affected, only sarge and needs an update. Sending
> the proposed package to the security team now.

s/sarge/etch/

-- 
Address:        Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:          daniel.baumann@panthera-systems.net
Internet:       http://people.panthera-systems.net/~daniel-baumann/



Tags added: etch Request was from Daniel Baumann <daniel@debian.org> to control@bugs.debian.org. (Tue, 12 Jun 2007 11:24:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#428293; Package file.


Acknowledgement sent to Touko Korpela <tkorpela@phnet.fi>:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>.


Message #27 received at 428293@bugs.debian.org:

From: Touko Korpela <tkorpela@phnet.fi>
To: 428293@bugs.debian.org
Subject: status?
Date: Mon, 2 Jul 2007 15:49:21 +0300
found 428293 4.17-5etch4
thanks

What's the status of this bug?
The DoS in 4.21-1 is still there too.



Bug marked as found in version 4.17-5etch4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Mon, 02 Jul 2007 13:00:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#428293; Package file.


Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>.


Message #34 received at 428293@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Daniel Baumann <daniel@debian.org>, 428293@bugs.debian.org
Cc: waldi@debian.org
Subject: Re: Bug#428293: file - CVE-2007-2799: incorrect patch for CVE-2007-1536
Date: Wed, 18 Jul 2007 23:17:44 +0200
On Sun, Jun 10, 2007 at 03:11:10PM +0000, Daniel Baumann wrote:
> > Integer overflow in the "file" program 4.20, when running on 32-bit
> > systems, might allow user-assisted attackers to execute arbitrary code
> > via a large file that triggers an overflow that bypasses an assert()
> > statement. NOTE: this issue is due to an incorrect patch for
> > CVE-2007-1536.
> 
> As file 4.21 is not affected, only sarge and needs an update. Sending the proposed package to the security team now.

This bug was filed against version 4.21-1 (which is in
testing/unstable), but it is marked as only affecting etch.

I guess 4.21-1 should be removed from the found version
list, and added to the fixed list?  (And the etch tag can then
also be removed.)


Kurt




Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#428293; Package file.


Acknowledgement sent to kurt@roeckx.be (Kurt Roeckx):
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>.


Message #39 received at 428293@bugs.debian.org:

From: kurt@roeckx.be (Kurt Roeckx)
To: control@bugs.debian.org
Cc: 428293@bugs.debian.org
Subject: tagging 428293
Date: Mon, 23 Jul 2007 00:25:36 +0200 (CEST)
# Automatically generated email from bts, devscripts version 2.9.6
# Someone mentioned that 4.21-1 has the problem too, so removing tag.  Please fix the version information if it's wrong.
tags 428293 - etch



Tags removed: etch Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sun, 22 Jul 2007 22:33:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#428293; Package file.


Acknowledgement sent to Touko Korpela <tkorpela@phnet.fi>:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>.


Message #46 received at 428293@bugs.debian.org:

From: Touko Korpela <tkorpela@phnet.fi>
To: 428293@bugs.debian.org
Cc: team@security.debian.org
Subject: Time for security upload?
Date: Mon, 30 Jul 2007 20:28:00 +0300
Could the security team look at this and make an upload for stable (and perhaps
oldstable)?
The DoS in unstable is still there too, but that's perhaps a different issue.



Bug marked as not found in version 4.21-1. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Tue, 31 Jul 2007 23:09:03 GMT)


Bug marked as fixed in version 4.17-5etch4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Wed, 01 Aug 2007 22:18:03 GMT)


Reply sent to daniel@debian.org:
You have taken responsibility.


Notification sent to Bastian Blank <waldi@debian.org>:
Bug acknowledged by developer.


Message #55 received at 428293-done@bugs.debian.org:

From: Daniel Baumann <daniel@debian.org>
To: 428293-done@bugs.debian.org
Subject: Re: file - CVE-2007-2799: incorrect patch for CVE-2007-1536
Date: Tue, 14 Aug 2007 22:54:40 +0200
This bug has been fixed everywhere, hence closing it.

-- 
Address:        Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:          daniel.baumann@panthera-systems.net
Internet:       http://people.panthera-systems.net/~daniel-baumann/



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 12 Sep 2007 07:31:18 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:32:30 2019; Machine Name: buxtehude
