• info
• discussion
• exploit
• solution
• references

File Local Stack Overflow Code Execution Vulnerability

Solution:
Sun has updated its advisory (Sun Alert ID: 56040) and has included fixes to address this issue for Sun Linux 5.0.6. Fixes for other affected Sun products are pending release.

Immunix has released a security advisory (IMNX-2003-7+-012-01) and fixes for this issue. Users are advised to upgrade as soon as possible.

SuSE has released a security advisory (SuSE-SA:2003:017) which contains fixes for this issue. Users are advised to upgrade as soon as possible.

Gentoo Linux users running sys-apps/file may upgrade to file-3.41 with the following commands:

emerge sync
emerge file
emerge clean

NetBSD Security Advisory 2003-003 has been released. Information on how to update vulnerable installations via CVS can be obtained from the attached advisory.

Trustix advisory TSL-2003-0006 contains fixes which address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Fixes have been made available:


file file 3.28

• Red Hat file-3.39-8.6x.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/file-3.39-8.6x.i386.rpm


• SCO file-3.28-8.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-018.0/R PMS/file-3.28-8.i386.rpm


• SCO file-3.28-8.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-01 8.0/RPMS/file-3.28-8.i386.rpm


• SCO file-3.28-8.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-018.0/RPM S/file-3.28-8.i386.rpm


• SCO file-3.28-8.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-018. 0/RPMS/file-3.28-8.i386.rpm

file file 3.30

• Immunix file-3.30-7_imnx_3.41_1.i386.rpm
  Immunix OS 7+
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/file-3.30-7_imnx _3.41_1.i386.rpm


• Red Hat file-3.39-8.7x.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/file-3.39-8.7x.i386.rpm

file file 3.32

• MandrakeSoft file-3.41-1.1mdk.i586.rpm
  Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft file-3.41-1.1mdk.i586.rpm
  Linux-Mandrake 7.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft file-3.41-1.1mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft file-3.41-1.1mdk.i586.rpm
  Single Network Firewall 7.2
  http://www.mandrakesecure.net/en/ftp.php


• S.u.S.E. file-3.32-118.i386.rpm
  SuSE-7.1
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/a1/file-3.32-118.i386.rpm


• S.u.S.E. file-3.32-118.src.rpm
  SuSE-7.1
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/file-3.32-118.src.rpm


• S.u.S.E. file-3.32-36.ppc.rpm
  SuSE-7.1
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/a1/file-3.32-36.ppc.rpm


• S.u.S.E. file-3.32-36.src.rpm
  SuSE-7.1
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/file-3.32-36.src.rpm


• S.u.S.E. file-3.32-69.alpha.rpm
  SuSE-7.1
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/a1/file-3.32-69.alpha.rpm


• S.u.S.E. file-3.32-69.src.rpm
  SuSE-7.1
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/file-3.32-69.src.rpm


• S.u.S.E. file-3.33-85.i386.rpm
  SuSE-7.3
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/file-3.33-85.i386.rpm


• S.u.S.E. file-3.33-85.src.rpm
  SuSE-7.3
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/file-3.33-85.src.rpm


• Trustix file-3.41-1tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.1/RPMS/file-3.41-1tr.i586. rpm


• Trustix file-3.41-1tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.2/RPMS/file-3.41-1tr.i586. rpm

file file 3.33

• Red Hat file-3.39-8.7x.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/file-3.39-8.7x.i386.rpm


• S.u.S.E. file-3.33-39.sparc.rpm
  SuSE-7.3
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/a1/file-3.33-39.sparc.rpm


• S.u.S.E. file-3.33-39.src.rpm
  SuSE-7.3
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/file-3.33-39.src.rpm


• S.u.S.E. file-3.33-69.ppc.rpm
  SuSE-7.3
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/a1/file-3.33-69.ppc.rpm


• S.u.S.E. file-3.33-69.src.rpm
  SuSE-7.3
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/file-3.33-69.src.rpm

file file 3.34

• MandrakeSoft file-3.41-1.1mdk.i586.rpm
  Mandrake Linux 8.0
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft file-3.41-1.1mdk.ppc.rpm
  Mandrake Linux 8.0/PPC
  http://www.mandrakesecure.net/en/ftp.php

file file 3.35

• Red Hat file-3.39-8.7x.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/file-3.39-8.7x.i386.rpm


• Red Hat file-3.39-8.7x.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/file-3.39-8.7x.ia64.rpm


• Trustix file-3.41-1tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/file-3.41-1tr.i586. rpm

file file 3.36

• MandrakeSoft file-3.41-1.1mdk.i586.rpm
  Mandrake Linux 8.1
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft file-3.41-1.1mdk.ia64.rpm
  Mandrake Linux 8.1/IA64
  http://www.mandrakesecure.net/en/ftp.php

file file 3.37

• Conectiva file-3.41-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/file-3.41-1U60_1cl.i386.r pm


• Conectiva file-3.41-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/file-3.41-1U70_1cl.i386.r pm


• Conectiva file-3.41-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/file-3.41-1U80_1cl.i386.rpm


• file file-3.41.tar.gz
  ftp://ftp.gw.com/mirrors/pub/unix/file/file-3.41.tar.gz


• MandrakeSoft file-3.41-1.1mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft file-3.41-1.1mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Red Hat file-3.39-8.7x.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/file-3.39-8.7x.i386.rpm


• Red Hat file-3.39-9.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/file-3.39-9.i386.rpm


• S.u.S.E. file-3.37-206.i386.patch.rpm
  SuSE-8.0
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/file-3.37-206.i386.patc h.rpm


• S.u.S.E. file-3.37-206.i386.rpm
  SuSE-8.0
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/file-3.37-206.i386.rpm


• S.u.S.E. file-3.37-206.i586.patch.rpm
  SuSE-8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/file-3.37-206.i58 6.patch.rpm


• S.u.S.E. file-3.37-206.i586.rpm
  SuSE-8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/file-3.37-206.i58 6.rpm


• S.u.S.E. file-3.37-206.src.rpm
  SuSE-8.0
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/file-3.37-206.src.rpm


• S.u.S.E. file-3.37-206.src.rpm
  SuSE-8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/file-3.37-206.src. rpm

file file 3.39

• file file-3.41.tar.gz
  ftp://ftp.gw.com/mirrors/pub/unix/file/file-3.41.tar.gz


• MandrakeSoft file-3.41-1.1mdk.i586.rpm
  Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft file-3.41-1.1mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.mandrakesecure.net/en/ftp.php


• OpenPKG file-3.39-1.1.2.src.rpm
  ftp://ftp.openpkg.org/release/1.1/UPD/file-3.39-1.1.2.src.rpm


• OpenPKG file-3.39-1.2.1.src.rpm
  ftp://ftp.openpkg.org/release/1.2/UPD/file-3.39-1.2.1.src.rpm


• Red Hat file-3.39-8.7x.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/file-3.39-8.7x.ppc.rpm


• Red Hat file-3.39-8.7x.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/file-3.39-8.7x.ppc.rpm


• Sun file-3.39-8.7x.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/file-3.39-8.7x.i386.rpm

file file 3.40

• EnGarde Secure Linux file-3.41-1.0.2.i386.rpm
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i386/file-3.41-1 .0.2.i386.rpm


• EnGarde Secure Linux file-3.41-1.0.2.i686.rpm
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i686/file-3.41-1 .0.2.i686.rpm


• EnGarde Secure Linux file-3.41-1.0.2.src.rpm
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/SRPMS/file-3.41- 1.0.2.src.rpm


• file file-3.41.tar.gz
  ftp://ftp.gw.com/mirrors/pub/unix/file/file-3.41.tar.gz


• OpenPKG file-3.41-20030228.src.rpm
  ftp://ftp.openpkg.org/current/SRC/file-3.41-20030228.src.rpm