Debian Security Advisory
DSA-260-1 file -- buffer overflow
- Date Reported:
- 13 Mar 2003
- Affected Packages:
- file
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2003-0102.
- More information:
-
iDEFENSE discovered a buffer overflow vulnerability in the ELF format parsing of the "file" command, one which can be used to execute arbitrary code with the privileges of the user running the command. The vulnerability can be exploited by crafting a special ELF binary which is then input to file. This could be accomplished by leaving the binary on the file system and waiting for someone to use file to identify it, or by passing it to a service that uses file to classify input. (For example, some printer filters run file to determine how to process input going to a printer.)
Fixed packages are available in version 3.28-1.potato.1 for Debian 2.2 (potato) and version 3.37-3.1.woody.1 for Debian 3.0 (woody). We recommend you upgrade your file package immediately.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.dsc
- http://security.debian.org/pool/updates/main/f/file/file_3.28.orig.tar.gz
- http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.diff.gz
- http://security.debian.org/pool/updates/main/f/file/file_3.28.orig.tar.gz
- alpha (DEC Alpha):
- http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_alpha.deb
- arm (ARM):
- http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_arm.deb
- i386 (Intel ia32):
- http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_i386.deb
- m68k (Motorola Mc680x0):
- http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_m68k.deb
- powerpc (PowerPC):
- http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_powerpc.deb
- sparc (Sun SPARC/UltraSPARC):
- http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.diff.gz
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.dsc
- http://security.debian.org/pool/updates/main/f/file/file_3.37.orig.tar.gz
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.dsc
- alpha (DEC Alpha):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_alpha.deb
- arm (ARM):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_arm.deb
- hppa (HP PA RISC):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_hppa.deb
- i386 (Intel ia32):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_i386.deb
- ia64 (Intel ia64):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_ia64.deb
- m68k (Motorola Mc680x0):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_m68k.deb
- mips (MIPS (Big Endian)):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mips.deb
- mipsel (MIPS (Little Endian)):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mipsel.deb
- powerpc (PowerPC):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_powerpc.deb
- s390 (IBM S/390):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_s390.deb
- sparc (Sun SPARC/UltraSPARC):
- http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.