
Test ID: 1.3.6.1.4.1.25623.1.0.59740
Category: Fedora Local Security Checks
Title: Fedora Core 7 FEDORA-2007-0836 (file)
Summary: NOSUMMARY
Description:

The remote host is missing an update to file
announced via advisory FEDORA-2007-0836.

The file command is used to identify a particular file according to the
type of data contained by the file. File can identify many different
file types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.

You should install the file package, since the file command is such a
useful utility.

Update Information:

Update to new upstream 4.21 should also fix CVE-2007-2799 file integer overflow

ChangeLog:

* Tue May 29 2007 Martin Bacovsky - 4.21-1
- upgrade to new upstream 4.21
- resolves: #241034: CVE-2007-2799 file integer overflow

References:

[ 1 ] Bug #241034
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241034
[ 2 ] CVE-2007-2799
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799

Updated packages:


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.

Solution: Apply the appropriate updates.

https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2007-0836

Risk factor : High

CVSS Score: 5.1

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2799
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 24146
http://www.securityfocus.com/bid/24146
Bugtraq: 20070524 FLEA-2007-0022-1: file
http://www.securityfocus.com/archive/1/469520/30/6420/threaded
Debian Security Information: DSA-1343
http://www.debian.org/security/2007/dsa-1343
http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:114
NETBSD Security Advisory: NetBSD-SA2008-001
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc
http://osvdb.org/38498
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012
http://www.redhat.com/support/errata/RHSA-2007-0391.html
http://www.securitytracker.com/id?1018140
http://secunia.com/advisories/25394
http://secunia.com/advisories/25544
http://secunia.com/advisories/25578
http://secunia.com/advisories/25931
http://secunia.com/advisories/26203
http://secunia.com/advisories/26294
http://secunia.com/advisories/26415
http://secunia.com/advisories/29179
http://secunia.com/advisories/29420
SuSE Security Announcement: SUSE-SA:2007:040
http://www.novell.com/linux/security/advisories/2007_40_file.html
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-439-2
http://www.vupen.com/english/advisories/2007/2071
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: file-assert-code-execution(34731)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34731
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
