SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   file Vendors:   Darwin, Ian F.
(Debian Issues Fix) 'file' Utility Buffer Overflow May Let Local Users Gain Elevated Privileges in Certain Cases
SecurityTracker Alert ID:  1006276
SecurityTracker URL:  http://securitytracker.com/id/1006276
CVE Reference:   CVE-2003-0102   (Links to External Site)
Date:  Mar 13 2003
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.39 and prior versions
Description:   A buffer overflow vulnerability was reported in file(1). A local user may be able to get a local user to execute arbitrary code.

iDEFENSE reported that the flaw resides in a doshn() function call in the 'readelf.c' file. If a local user can get another target local user to invoke the file(1) command to examine a specially crafted malicious file, arbitrary code may be executed with the privileges of the target user.

A demonstration exploit transcript is provided in the Source Message.

Impact:   A local user may be able to cause arbitrary code to be executed by a target user with the privileges of the target user.
Solution:   Debian has released a fix in in version 3.28-1.potato.1 for Debian 2.2 (potato) and version 3.37-3.1.woody.1 for Debian 3.0 (woody).

Debian 2.2 (potato):

Debian 2.2 (potato) was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.dsc
Size/MD5 checksum: 639 85bbfb52d13c084a9029f3552d7e1dfe
http://security.debian.org/pool/updates/main/f/file/file_3.28.orig.tar.gz
Size/MD5 checksum: 124529 a6bdc66e9c6af58da6977a57923c02c0
http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.diff.gz
Size/MD5 checksum: 31736 9c23fac99161cc9a5e133be542fe0226

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_alpha.deb
Size/MD5 checksum: 92170 18bdf5775e40243e7e17ebac7dbed730

arm architecture (ARM)

http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_arm.deb
Size/MD5 checksum: 88572 c51e09397b04358ab7e42c710dab4ca9

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_i386.deb
Size/MD5 checksum: 88164 9a1945e7449e5bc243fd22af2cfb15a2

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_m68k.deb
Size/MD5 checksum: 87186 1348a858e3715d25c862648c41ac793f

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_powerpc.deb
Size/MD5 checksum: 89346 b7190fd329df08377dc922d014d46195

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_sparc.deb
Size/MD5 checksum: 91412 032448fa4cf7b4bc4d8ce3bbe7470a3f

Debian 3.0 (woody):

Debian 3.0 (woody) was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.diff.gz
Size/MD5 checksum: 47683 5653fa12fb92b465017b7fb847591bc5
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.dsc
Size/MD6 checksum: 678 9e5705581862d737a338471bfa031617
http://security.debian.org/pool/updates/main/f/file/file_3.37.orig.tar.gz
Size/MD5 checksum: 166623 5743b2fc24743b6188504762d40c0b4c

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_alpha.deb
Size/MD5 checksum: 180780 814139b8680577450d416fb386737d56

arm architecture (ARM)

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_arm.deb
Size/MD5 checksum: 177040 b49fb60a60641cf5e27dea7b44338938

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_hppa.deb
Size/MD5 checksum: 179412 2388427c4f52ca11e2ac00b0d12e1b42

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_i386.deb
Size/MD5 checksum: 175246 ebac35a75aebe97cad2ebbfffe000f82

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_ia64.deb
Size/MD5 checksum: 184942 934d1a23acd4e343e390ebed66f2101e

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_m68k.deb
Size/MD5 checksum: 174058 69c08b32893304e1a821793ecf193393

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mips.deb
Size/MD5 checksum: 178576 f913464347dde9972ec2c80b29393f6b

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mipsel.deb
Size/MD5 checksum: 178460 0ce50ff45b9db314a737c8002e3bcb9c

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_powerpc.deb
Size/MD5 checksum: 177072 f43bc712f83b2cad0e4f3e40b1d491e7

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_s390.deb
Size/MD5 checksum: 177980 305395cc6fed6830697b7f39984d01d3

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_sparc.deb
Size/MD5 checksum: 179316 b957e930f657cd1674ef66a38ae2dbb0

Vendor URL:  www.debian.org/security/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  2.2, 3.0

Message History:   This archive entry is a follow-up to the message listed below.
Mar 4 2003 'file' Utility Buffer Overflow May Let Local Users Gain Elevated Privileges in Certain Cases



 Source Message Contents

Subject:  [SECURITY] [DSA-260-1] New file package fixes buffer overflow


-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------
Debian Security Advisory DSA-260-1                       security@debian.org
http://www.debian.org/security/                                Michael Stone
March 13, 2003                            http://www.debian.org/security/faq
- ----------------------------------------------------------------------------

Package: file
Vulnerability: buffer overflow
Debian-specific: no
CVE Id: CAN-2003-0102

iDEFENSE discovered a buffer overflow vulnerability in the ELF format
parsing of the "file" command, one which can be used to execute
arbitrary code with the privileges of the user running the command. The
vulnerability can be exploited by crafting a special ELF binary which is
then input to file. This could be accomplished by leaving the binary on
the file system and waiting for someone to use file to identify it, or
by passing it to a service that uses file to classify input. (For
example, some printer filters run file to determine how to process input
going to a printer.)

Fixed packages are available in version 3.28-1.potato.1 for Debian 2.2
(potato) and version 3.37-3.1.woody.1 for Debian 3.0 (woody). We
recommend you upgrade your file package immediately.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .


Debian 2.2 (potato)
- ----------------------

  Debian 2.2 (potato) was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:

    http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.dsc
      Size/MD5 checksum:      639 85bbfb52d13c084a9029f3552d7e1dfe
    http://security.debian.org/pool/updates/main/f/file/file_3.28.orig.tar.gz
      Size/MD5 checksum:   124529 a6bdc66e9c6af58da6977a57923c02c0
    http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.diff.gz
      Size/MD5 checksum:    31736 9c23fac99161cc9a5e133be542fe0226

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_alpha.deb
      Size/MD5 checksum:    92170 18bdf5775e40243e7e17ebac7dbed730

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_arm.deb
      Size/MD5 checksum:    88572 c51e09397b04358ab7e42c710dab4ca9

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_i386.deb
      Size/MD5 checksum:    88164 9a1945e7449e5bc243fd22af2cfb15a2

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_m68k.deb
      Size/MD5 checksum:    87186 1348a858e3715d25c862648c41ac793f

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_powerpc.deb
      Size/MD5 checksum:    89346 b7190fd329df08377dc922d014d46195

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_sparc.deb
      Size/MD5 checksum:    91412 032448fa4cf7b4bc4d8ce3bbe7470a3f

Debian 3.0 (woody)
- -------------------

  Debian 3.0 (woody) was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

  Source archives:

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.diff.gz
      Size/MD5 checksum:    47683 5653fa12fb92b465017b7fb847591bc5
    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.dsc
      Size/MD6 checksum:      678 9e5705581862d737a338471bfa031617
    http://security.debian.org/pool/updates/main/f/file/file_3.37.orig.tar.gz
      Size/MD5 checksum:   166623 5743b2fc24743b6188504762d40c0b4c

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_alpha.deb
      Size/MD5 checksum:   180780 814139b8680577450d416fb386737d56

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_arm.deb
      Size/MD5 checksum:   177040 b49fb60a60641cf5e27dea7b44338938

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_hppa.deb
      Size/MD5 checksum:   179412 2388427c4f52ca11e2ac00b0d12e1b42

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_i386.deb
      Size/MD5 checksum:   175246 ebac35a75aebe97cad2ebbfffe000f82

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_ia64.deb
      Size/MD5 checksum:   184942 934d1a23acd4e343e390ebed66f2101e

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_m68k.deb
      Size/MD5 checksum:   174058 69c08b32893304e1a821793ecf193393

  mips architecture (MIPS (Big Endian))

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mips.deb
      Size/MD5 checksum:   178576 f913464347dde9972ec2c80b29393f6b

  mipsel architecture (MIPS (Little Endian))

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mipsel.deb
      Size/MD5 checksum:   178460 0ce50ff45b9db314a737c8002e3bcb9c

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_powerpc.deb
      Size/MD5 checksum:   177072 f43bc712f83b2cad0e4f3e40b1d491e7

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_s390.deb
      Size/MD5 checksum:   177980 305395cc6fed6830697b7f39984d01d3

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_sparc.deb
      Size/MD5 checksum:   179316 b957e930f657cd1674ef66a38ae2dbb0

- ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQCVAwUBPnB//w0hVr09l8FJAQFaOwP/SPlxPWnxJ3ptcpRSStSS4W/MKke04VMn
HhksZ2MQ8qPkorTTn/yr6uL3XBjLqSOi8sKNz7NozYbMroCeweu08tjKFIMtDPLJ
hpVQuZ9R9kIdi6SHzCwvIvoqFg6eVFvPs+zk/BUu85ITNUdSf9sNciE9N5wSZ/2A
R6odKBw0QQU=
=z7Nf
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC