Bug 85635

Summary: file utility contains buffer overflow
Product: Red Hat Enterprise Linux 2.1 Reporter: Mark J. Cox <mjc>
Component: fileAssignee: Jeff Johnson <jbj>
Status: CLOSED ERRATA QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.1CC: kmaraas
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-04-04 09:37:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark J. Cox 2003-03-05 11:13:27 UTC 
The file utility before version 3.41 contains a buffer overflow
vulnerability in the ELF parsing routines. This can allow an attacker to
create a carefully crafted binary that can cause arbitrary code to run if a
victim runs the 'file' command on the binary. 

http://www.idefense.com/advisory/03.04.03.txt 
CAN-2003-0102
Comment 1 Jeff Johnson 2003-03-05 15:17:02 UTC 

*** This bug has been marked as a duplicate of 85297 ***
Comment 2 Mark J. Cox 2003-03-05 15:22:11 UTC 
This is the Advanced Products tracking bug and therefore is not a duplicate of
85297.  Reopening.
Comment 3 Jeff Johnson 2003-03-05 16:23:09 UTC 
NEEDINFO so I don't have to stare at an open and pending (process imho) bug.
Comment 4 Kjartan Maraas 2003-04-03 20:03:05 UTC 
Wasn't this fixed in the latest errata for 2.1AS too?
Comment 5 Mark J. Cox 2003-04-04 09:37:50 UTC 
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2003-087.html