CentOS 4 : file (CESA-2007:0124)

high Nessus Plugin ID 24878

Synopsis

The remote CentOS host is missing a security update.

Description

An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The file command is used to identify a particular file according to the type of data contained by the file.

An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution.
(CVE-2007-1536)

This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3.

Users should upgrade to this erratum package, which contain a backported patch to correct this issue.

Solution

Update the affected file package.

See Also

http://www.nessus.org/u?304d3aa7

http://www.nessus.org/u?3bc1f659

http://www.nessus.org/u?b33d28d3

Plugin Details

Severity: High

ID: 24878

File Name: centos_RHSA-2007-0124.nasl

Version: 1.16

Type: local

Agent: unix

Published: 3/26/2007

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:centos:centos:4, p-cpe:/a:centos:centos:file

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/24/2007

Vulnerability Publication Date: 3/20/2007

Reference Information

CVE: CVE-2007-1536

BID: 23021

RHSA: 2007:0124