FrSIRT - Fedora Security Update Fixes File Client-Side Integer Underflow Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes File Client-Side Integer Underflow Vulnerability

Title : Fedora Security Update Fixes File Client-Side Integer Underflow Vulnerability
Advisory ID : FrSIRT/ADV-2007-2134
CVE ID : CVE-2007-2799
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-12

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to execute arbitrary code [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

945c3fb4429d73a44835007fc9abd2f782cbf285 SRPMS/file-4.21-1.fc5.src.rpm
945c3fb4429d73a44835007fc9abd2f782cbf285 noarch/file-4.21-1.fc5.src.rpm
0615b8f0fb8578daf832829f65ecdd851806fb6d ppc/debug/file-debuginfo-4.21-1.fc5.ppc.rpm
d9064b673a4f44df3aab46cad6fc7e5875ea5d44 ppc/file-4.21-1.fc5.ppc.rpm
fb31c4a9eb2c5dc514f07ba6c39127bfc4e842ac x86_64/file-4.21-1.fc5.x86_64.rpm
60299e040f9581fbee26b4ec3c16c3c20af3e861 x86_64/debug/file-debuginfo-4.21-1.fc5.x86_64.rpm
99d080b97df277f51e285857c6e4033c40a0adc6 i386/debug/file-debuginfo-4.21-1.fc5.i386.rpm
789429cef0bdf6940ea3ec3cfde1b9eedf9187ef i386/file-4.21-1.fc5.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

f57bc94e34d2ee1878df3f888752bf505c635296 SRPMS/file-4.21-1.fc6.src.rpm
f57bc94e34d2ee1878df3f888752bf505c635296 noarch/file-4.21-1.fc6.src.rpm
862ff9ddac096cc96f9fd7fb766cfe82e0eff8c8 ppc/file-4.21-1.fc6.ppc.rpm
f57b30a40a3470c7e771a29c5f1a686293759639 ppc/debug/file-debuginfo-4.21-1.fc6.ppc.rpm
88c8f8086e8ae3f848bd2d6a4addf5af5e9dd864 x86_64/debug/file-debuginfo-4.21-1.fc6.x86_64.rpm
450d0a9de957400beb77002aa11943c4f45b9914 x86_64/file-4.21-1.fc6.x86_64.rpm
3cc14205bfc45b9f1d4bec4a96afee6dac7ffb69 i386/debug/file-debuginfo-4.21-1.fc6.i386.rpm
624e76ad580f3749f8afe00f04fc79bf25327e5c i386/file-4.21-1.fc6.i386.rpm

ChangeLog

2007-06-12 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability
	IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities
	IBM WebSphere Portal Remote Authentication Bypass Vulnerability
	IBM Rational ClearQuest Login Page Cross Site Scripting Vulnerability
	IBM WebSphere Application Server Security Exposure Vulnerabilities