Overview
A buffer overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" versions of the file[1] package prior to 3.41.
Description
The file[1] package is used to examine files on the system. According to an OpenPKG advisory, a stack overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" (AFCTR tool) versions of the file[1] package prior to 3.41. It appears that an exploit for this vulnerability has been posted to the bugtraq mailing list. |
Impact
If an attacker can craft a malicious file on the system and trick a victim to examine the file using the AFCTR tool, they can execute arbitrary code with the privileges of the victim. |
Solution
Upgrade to the version 3.41 of the file[1] package, or apply a patch specified by your vendor. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
David Endler is credited for reporting this vulnerability. Information regarding this vulnerability was disclosed in an OpenPKG advisory and an I-Defense advisory.
This document was written by Jason A Rafail.
Other Information
| CVE IDs: | None |
| Severity Metric: | 0.14 |
| Date Public: | 2003-03-04 |
| Date First Published: | 2003-03-06 |
| Date Last Updated: | 2003-03-07 20:16 UTC |
| Document Revision: | 11 |