Bug 152865 - CAN-2004-1304, File ELF Header Unspecified Buffer Overflow
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: file
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Fedora Legacy Bugs
URL: http://www.securityfocus.com/advisori...
Whiteboard: LEGACY, DEFER
Keywords: Security

Reported: 2004-12-07 04:27 EST by John Dalbec
Modified: 2007-04-18 13:22 EDT
Doc Type: Bug Fix
Last Closed: 2006-08-13 09:01:53 EDT

Description David Lawrence 2005-03-30 18:30:11 EST
04.48.16 CVE: Not Available
Platform: Unix
Title: File ELF Header Unspecified Buffer Overflow
Description: The Unix file command is affected by a buffer overflow
vulnerability.  This issue is due to a failure of the application to
properly validate string lengths in the affected files prior to
copying them into static process buffers. This can be leveraged by an
attacker to execute hostile code on the vulnerable system.
Ref: http://www.securityfocus.com/advisories/7566



------- Additional Comments From bugzilla.fedora.us@beej.org 2004-12-14 08:40:43 ----

Gentoo has an advisory on it, now, too:
http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml



------- Additional Comments From pekkas@netcore.fi 2005-02-15 07:21:09 ----

This seems to be CAN-2004-1304.  Red Hat has not bothered to patch this.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:30 -------

This bug previously known as bug 2331 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2331
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Mark J. Cox (Product Security) 2005-04-25 05:58:57 EDT
This was discussed by vendor-sec and found to be a non-issue.  A number of
patches were added to correct issues in file.  The implications of these issues
are that a malformed ELF binary could cause an error, or in the worst case a
crash during operation.  The flaws were not found to be exploitable.
Comment 2 Pekka Savola 2005-05-16 07:57:16 EDT
Should this be closed as WONTFIX?
Comment 3 Pekka Savola 2005-11-16 08:14:23 EST
This doesn't seem to be important enough to fix just on its own, so mark it DEFER.
Comment 4 Jesse Keating 2006-08-13 09:01:53 EDT
This won't be released by Fedora Legacy.
