Debian Security Advisory

DSA-260-1 file -- buffer overflow

Date Reported:

13 Mar 2003

Affected Packages:

file

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2003-0102.

More information:

iDEFENSE discovered a buffer overflow vulnerability in the ELF format parsing of the "file" command, one which can be used to execute arbitrary code with the privileges of the user running the command. The vulnerability can be exploited by crafting a special ELF binary which is then input to file. This could be accomplished by leaving the binary on the file system and waiting for someone to use file to identify it, or by passing it to a service that uses file to classify input. (For example, some printer filters run file to determine how to process input going to a printer.)

Fixed packages are available in version 3.28-1.potato.1 for Debian 2.2 (potato) and version 3.37-3.1.woody.1 for Debian 3.0 (woody). We recommend you upgrade your file package immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.dsc; http://security.debian.org/pool/updates/main/f/file/file_3.28.orig.tar.gz; http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.diff.gz
alpha (DEC Alpha):: http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_alpha.deb
arm (ARM):: http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_arm.deb
i386 (Intel ia32):: http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_i386.deb
m68k (Motorola Mc680x0):: http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_m68k.deb
powerpc (PowerPC):: http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_powerpc.deb
sparc (Sun SPARC/UltraSPARC):: http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_sparc.deb

Debian GNU/Linux 3.0 (woody)

Source:: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.diff.gz; http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.dsc; http://security.debian.org/pool/updates/main/f/file/file_3.37.orig.tar.gz
alpha (DEC Alpha):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_alpha.deb
arm (ARM):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_arm.deb
hppa (HP PA RISC):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_hppa.deb
i386 (Intel ia32):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_i386.deb
ia64 (Intel ia64):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_ia64.deb
m68k (Motorola Mc680x0):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_m68k.deb
mips (MIPS (Big Endian)):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mips.deb
mipsel (MIPS (Little Endian)):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mipsel.deb
powerpc (PowerPC):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_powerpc.deb
s390 (IBM S/390):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_s390.deb
sparc (Sun SPARC/UltraSPARC):: http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.