• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

File(1) Command File_PrintF Integer Underflow Vulnerability

Solution:
The vendor has released version 4.20 to address this issue. Please see the references for more information.


file file 4.15

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

Turbolinux wizpy 0

• Turbolinux file-4.07-2.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/


• Turbolinux file-4.14-3.i386.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

FreeBSD FreeBSD 6.2

• FreeBSD file6.patch
  http://security.FreeBSD.org/patches/SA-07:04/file6.patch


• FreeBSD file6.patch.asc
  http://security.FreeBSD.org/patches/SA-07:04/file6.patch.asc

Turbolinux Turbolinux Server 10.0

• Turbolinux file-4.03-5.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/file-4.03-5.i586.rpm


• Turbolinux file-4.07-2.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/file-devel-4.07-2.x86_64.rpm


• Turbolinux file-debug-4.07-2.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/file-devel-4.07-2.x86_64.rpm


• Turbolinux file-devel-4.07-2.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/file-devel-4.07-2.x86_64.rpm

Slackware Linux 10.0

• Slackware file-4.20-i486-1_slack10.0.tgz
  Slackware 10.0:
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ file-4.20-i486-1_slack10.0.tgz

Slackware Linux 10.2

• Slackware file-4.20-i486-1_slack10.2.tgz
  Slackware 10.2:
  ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ file-4.20-i486-1_slack10.2.tgz


• Slackware file-4.20-i486-1_slack11.0.tgz
  Slackware 11.0:
  ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ file-4.20-i486-1_slack11.0.tgz

Apple Mac OS X Server 10.3.9

• Apple SecUpdSrvr2007-005Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13993&cat= 1&platform=osx&method=sa/SecUpdSrvr2007-005Pan.dmg

Apple Mac OS X 10.3.9

• Apple SecUpd2007-005Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13992&cat= 1&platform=osx&method=sa/SecUpd2007-005Pan.dmg

Apple Mac OS X Server 10.4.9

• Apple SecUpd2007-005Ti.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat= 1&platform=osx&method=sa/SecUpd2007-005Ti.dmg


• Apple SecUpd2007-005Univ.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat= 1&platform=osx&method=sa/SecUpd2007-005Univ.dmg

file file 3.30

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

file file 3.32

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

file file 3.35

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

file file 3.37

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

file file 3.41

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

file file 4.12

• Debian file_4.12-1sarge1_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ alpha.deb


• Debian file_4.12-1sarge1_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ amd64.deb


• Debian file_4.12-1sarge1_arm.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ arm.deb


• Debian file_4.12-1sarge1_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ hppa.deb


• Debian file_4.12-1sarge1_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ i386.deb


• Debian file_4.12-1sarge1_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ ia64.deb


• Debian file_4.12-1sarge1_m68k.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ m68k.deb


• Debian file_4.12-1sarge1_mips.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ mips.deb


• Debian file_4.12-1sarge1_mipsel.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ mipsel.deb


• Debian file_4.12-1sarge1_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ powerpc.deb


• Debian file_4.12-1sarge1_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ s390.deb


• Debian file_4.12-1sarge1_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ sparc.deb


• Debian libmagic-dev_4.12-1sarge1_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_alpha.deb


• Debian libmagic-dev_4.12-1sarge1_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_amd64.deb


• Debian libmagic-dev_4.12-1sarge1_arm.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_arm.deb


• Debian libmagic-dev_4.12-1sarge1_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_hppa.deb


• Debian libmagic-dev_4.12-1sarge1_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_i386.deb


• Debian libmagic-dev_4.12-1sarge1_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_ia64.deb


• Debian libmagic-dev_4.12-1sarge1_m68k.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_m68k.deb


• Debian libmagic-dev_4.12-1sarge1_mips.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_mips.deb


• Debian libmagic-dev_4.12-1sarge1_mipsel.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_mipsel.deb


• Debian libmagic-dev_4.12-1sarge1_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_powerpc.deb


• Debian libmagic-dev_4.12-1sarge1_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_s390.deb


• Debian libmagic-dev_4.12-1sarge1_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12- 1sarge1_sparc.deb


• Debian libmagic1_4.12-1sarge1_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_alpha.deb


• Debian libmagic1_4.12-1sarge1_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/http://security.de bian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_amd64.deb


• Debian libmagic1_4.12-1sarge1_arm.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_arm.deb


• Debian libmagic1_4.12-1sarge1_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_hppa.deb


• Debian libmagic1_4.12-1sarge1_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_i386.deb


• Debian libmagic1_4.12-1sarge1_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_ia64.deb


• Debian libmagic1_4.12-1sarge1_m68k.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_m68k.deb


• Debian libmagic1_4.12-1sarge1_mips.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_mips.deb


• Debian libmagic1_4.12-1sarge1_mipsel.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_mipsel.deb


• Debian libmagic1_4.12-1sarge1_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_powerpc.deb


• Debian libmagic1_4.12-1sarge1_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_s390.deb


• Debian libmagic1_4.12-1sarge1_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sa rge1_sparc.deb


• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

file file 4.4

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

file file 4.5

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

file file 4.6

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

file file 4.7

• file file-4.20.tar.gz
  ftp://ftp.astron.com/pub/file/file-4.20.tar.gz

Slackware Linux 9.1

• Slackware file-4.20-i486-1_slack9.1.tgz
  Slackware 9.1:
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/f ile-4.20-i486-1_slack9.1.tgz