Home » Mailing list archives » netbsd-announce » 2008 » February » 28

NetBSD Security Advisory 2008-001: file(1) Integer overflow

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: NetBSD Security-Officer <security-officer@...>
To: <netbsd-announce@...>
Subject: NetBSD Security Advisory 2008-001: file(1) Integer overflow
Date: Thursday, February 28, 2008 - 7:36 pm

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1


		 NetBSD Security Advisory 2008-001

		 =================================


Topic:		file(1) Integer overflow


Version:	NetBSD-current:		affected

		NetBSD 4.0:		not affected

		NetBSD 3.1.1:		not affected

		NetBSD 3.1		affected

		NetBSD 3.0:		affected

		NetBSD 3.0.3:		not affected

		NetBSD 3.0.2:		affected

		NetBSD 3.0.1:		affected

		NetBSD 3.0:		affected

		NetBSD 2.1		affected

		NetBSD 2.0.*		affected


Severity:	Local code execution


Fixed:		NetBSD-current:		June 7, 2007

		NetBSD-3-1 branch:	June 24, 2007

		NetBSD-3-0 branch:	June 24, 2007

		NetBSD-3 branch:	June 24, 2007

			(3.2 will include the fix)

		pkgsrc:			file-4.2.1 corrects the issue


Abstract

========


An integer underflow was initially fixed in file 4.20 and soon after, a

new integer overflow was identified in the original fix. To address the

latest issue file 4.21 was release.  Either of these issues could result

in local code execution if using file(1) on a maliciously crafted file.


This vulnerability has been assigned CVE reference CVE-2007-1536 for the

initial issue and CVE-2007-2799 for the issue in the initial fix.


Technical Details

=================


An integer underflow was found in file_printf() which can lead to an

exploitable heap overflow.  The initial fix for this issue was found

to introduce an integer overflow which could again lead to code execution.

An updated patch was released as a part of file(1) 4.21.


Solutions and Workarounds

=========================


It is recommended that NetBSD users of vulnerable versions update

their binaries.


The following instructions describe how to upgrade your file(1)

binaries by updating your source tree and rebuilding and

installing a new version of file(1).


* NetBSD-current:


	Systems running NetBSD-current dated from before 2007-06-07

	should be upgraded to NetBSD-current dated 2007-06-08 or later.


	The following files/directories need to be updated from the

	netbsd-current CVS branch (aka HEAD):

		dist/file

		distrib/sets/lists/base/shl.elf

		distrib/sets/lists/base/shl.mi

		lib/Makefile

		lib/libmagic/Makefile

		lib/libmagic/config.h

		lib/libmagic/shlib_version

		tools/file/Makefile

		usr.bin/file/Makefile


	To update from CVS, re-build, and re-install file:


		# cd src

		# cvs update -d -P dist/file

		# cvs update -r distrib/sets/lists/base/shl.elf \

			distrib/sets/lists/base/shl.mi \

			lib/Makefile \

			lib/libmagic/Makefile \

			lib/libmagic/config.h \

			lib/libmagic/shlib_version \

			tools/file/Makefile \

			usr.bin/file/Makefile

		# cd usr.bin/file

		# make USETOOLS=no cleandir dependall

		# make USETOOLS=no install


* NetBSD 3.*:


	Systems running NetBSD 3.* sources dated from before

	2007-06-24 should be upgraded from NetBSD 3.* sources dated

	2007-06-25 or later.


	The following files/directories need to be updated from the

	netbsd-3, netbsd-3-0 or netbsd-3-1 branches:

		dist/file

		distrib/sets/lists/base/shl.elf

		distrib/sets/lists/base/shl.mi

		lib/Makefile

		lib/libmagic/Makefile

		lib/libmagic/config.h

		lib/libmagic/shlib_version

		tools/file/Makefile

		usr.bin/file/Makefile


	To update from CVS, re-build, and re-install file:


		# cd src

		# cvs update -d -P dist/file

		# cvs update -r distrib/sets/lists/base/shl.elf \

			distrib/sets/lists/base/shl.mi \

			lib/Makefile \

			lib/libmagic/Makefile \

			lib/libmagic/config.h \

			lib/libmagic/shlib_version \

			tools/file/Makefile \

			usr.bin/file/Makefile

		# cd usr.bin/file

		# make USETOOLS=no cleandir dependall

		# make USETOOLS=no install


Thanks To

=========


Christos Zoulas and Antti Kantee for patches, importing fixes and testing.


Revision History

================


	2008-02-28	Initial release


More Information

================


Advisories may be updated as new information becomes available.

The most recent version of this advisory (PGP signed) can be found at

  ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.tx...


Information about NetBSD and NetBSD security can be found at

http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.


Copyright 2008, The NetBSD Foundation, Inc.  All Rights Reserved.

Redistribution permitted only in full, unmodified form.


$NetBSD: NetBSD-SA2008-001.txt,v 1.3 2008/02/28 19:27:42 adrianp Exp $


-----BEGIN PGP SIGNATURE-----


iQCVAwUBR8cLbz5Ru2/4N2IFAQI7VwP+KDlsvnFkH6fo07u+r1sYKQnGTVi7/tdA

i6mH7H5pAch+g5SlbtauE+6qQWLMA95N9g+I1l5QvBbXmz6czgQyfgQuAQ/JAyLE

c+hiHn+JdOTVPiZ/e5rpeOCIVDGznncm2zpMM5dUtoAlmXOITJTXSkCd00G0ofpM

jzAT1lK/AdA=

=+sib

-----END PGP SIGNATURE-----
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
NetBSD Security Advisory 2007-005: IPv6 Type 0 Routing Header, NetBSD Security-Officer, (Thu Sep 13, 5:56 pm)
NetBSD developer's summit @ NYCBSDCon 2008, Jan Schaumann, (Sat Jul 12, 3:40 pm)
NetBSD Security Advisory 2008-001: file(1) Integer overflow, NetBSD Security-Officer, (Thu Feb 28, 7:36 pm)
New "regional" mailing lists, Luke Mewburn, (Tue May 20, 11:07 pm)
Summer of Code projects selected, Jan Schaumann, (Mon Apr 20, 10:44 pm)
Regional-pt mailing list is now available, Christos Zoulas, (Sun Jan 25, 3:02 pm)
The NetBSD project celebrates its fifteenth anniversary, Alistair Crooks, (Thu Mar 20, 2:57 am)
New NetBSD Developer, Simas Mockevicius, (Wed Nov 3, 1:00 pm)
NetBSD Security Advisory 2004-010: Insufficient argument val..., NetBSD Security-Officer, (Fri Dec 17, 1:29 am)
NetBSD Security Advisory 2008-011: ICMPv6 MLD query, NetBSD Security-Officer, (Thu Sep 4, 5:52 pm)
cvsweb maintenance, SODA Noriyuki, (Mon May 2, 7:25 am)
Announcing NetBSD and the Google "Summer of Code" Projects, Hubert Feyrer, (Sat Jun 25, 9:44 pm)
Brief outage of ftp.netbsd.org TODAY, 2009-07-14 02:45 UTC, Thor Simon, (Mon Jul 13, 8:35 pm)
Thank you for your donations!, Christos Zoulas, (Tue Jul 19, 9:05 am)
Summary of Changes to the Packages Collection in September 2..., Alistair Crooks, (Sat Oct 22, 8:41 am)
NetBSD 5.0_RC1 binaries available for download, Soren Jacobsen, (Thu Jan 29, 4:38 pm)
Manuel Bouyer interviewed on NetBSD/xen integration, Emmanuel Dreyfus, (Sun Feb 19, 4:24 am)
NetBSD Security Advisory 2006-004: Denial of services issues..., NetBSD Security-Officer, (Wed Mar 29, 9:30 pm)
NetBSD Security Advisory 2006-012: SIOCGIFALIAS ioctl may ca..., NetBSD Security-Officer, (Wed Apr 12, 10:34 pm)
NetBSD/vax is now ELF; New snapshot available, Matt Thomas, (Sun Mar 31, 10:56 pm)
NetBSD Security Advisory 2002-006: buffer overrun in libc DN..., NetBSD Security Officer, (Thu Jun 27, 1:14 pm)
NetBSD Security Advisory 2006-017: Sendmail malformed multip..., NetBSD Security-Officer, (Wed Jun 14, 5:44 pm)
NetBSD Security Advisory 2006-019: Malicious PPP options can..., NetBSD Security-Officer, (Wed Aug 23, 5:32 pm)
Mailinglist Archives not updated, Jan Schaumann, (Mon Jan 6, 2:57 pm)