Flaw Fixed in Unix-like Systems

Apr 03, 2007

A file integer underflow vulnerability could be exploited to trigger buffer overflow in unpatched Unix-like systems.

A buffer overflow vulnerability caused by an integer underflow in the file_printf function in Unix-like operating systems has been patched.

The flaw is contained within the file program and could allow an attacker to execute arbitrary code or create a denial of service condition, according to a posting on the United States Computer Emergency Readiness Team's Web site.

File is a program used to determine what type of data is contained in a file. To trigger the overflow, a hacker would need to get a user to run a vulnerable version of file on a specially crafted file, the advisory states.

"Version 4.20 of file was released to address this issue," according to the US-CERT advisory.

If exploited, an attacker could execute malicious code with the permissions of the user running the vulnerable version of file or cause the program to crash, creating a denial-of-service condition.

Patches by Red Hat and Ubuntu were released more than a week ago for users of Red Hat Enterprise Linux 4 and 5 as well as Ubuntu 5.10, Ubuntu 6.06 LTS, Ubuntu 6.10 and corresponding versions of Kubuntu, Edubuntu, and Xubuntu. OpenWall GNU/*Linux and Mandriva have also released updates to address the issue.

In addition, running the file program with a limited user account may partially address the impact of a successful exploit of the flaw.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Microsoft CEO is driving data-culture mindset

add to favorites email to friend print save as pdf

Related Stories

Recommended for you

Microsoft CEO is driving data-culture mindset

1 hour ago

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Enabling dynamic prioritization of data in the cloud

Apr 14, 2014

IBM inventors have patented a cloud computing invention that can improve quality of service for clients by enabling data to be dynamically modified, prioritized and shared across a cloud environment.

User comments : 0

More news stories

IBM posts lower 1Q earnings amid hardware slump

IBM's first-quarter earnings fell and revenue came in below Wall Street's expectations amid an ongoing decline in its hardware business, one that was exasperated by weaker demand in China and emerging markets.

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Quantenna promises 10-gigabit Wi-Fi by next year

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Down's chromosome cause genome-wide disruption

The extra copy of Chromosome 21 that causes Down's syndrome throws a spanner into the workings of all the other chromosomes as well, said a study published Wednesday that surprised its authors.

Researchers see hospitalization records as additional tool

Comparing hospitalization records with data reported to local boards of health presents a more accurate way to monitor how well communities track disease outbreaks, according to a paper published April 16 in the journal PLOS ON ...

Ebola virus in Africa outbreak is a new strain

The Ebola virus that has killed scores of people in Guinea this year is a new strain—evidence that the disease did not spread there from outbreaks in some other African nations, scientists report.