CVE-2007-2799

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-2799
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

5.1 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://osvdb.org/38498
http://secunia.com/advisories/25394 Vendor Advisory
http://secunia.com/advisories/25544 Vendor Advisory
http://secunia.com/advisories/25578 Vendor Advisory
http://secunia.com/advisories/25931 Vendor Advisory
http://secunia.com/advisories/26203 Vendor Advisory
http://secunia.com/advisories/26294 Vendor Advisory
http://secunia.com/advisories/26415 Vendor Advisory
http://secunia.com/advisories/29179
http://secunia.com/advisories/29420 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm
http://www.amavis.org/security/asa-2007-3.txt
http://www.debian.org/security/2007/dsa-1343
http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:114
http://www.novell.com/linux/security/advisories/2007_40_file.html
http://www.redhat.com/support/errata/RHSA-2007-0391.html
http://www.securityfocus.com/archive/1/469520/30/6420/threaded
http://www.securityfocus.com/bid/24146
http://www.securitytracker.com/id?1018140
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-439-2
http://www.vupen.com/english/advisories/2007/2071 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0924/references Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34731
https://issues.rpath.com/browse/RPL-1311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:file:file:4.2:*:*:*:*:*:*:*
cpe:2.3:a:sleuth_kit:the_sleuth_kith:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2007-05-23 21:30

Updated : 2024-02-28 11:01

NVD link : CVE-2007-2799

Mitre link : CVE-2007-2799

CVE.ORG link : CVE-2007-2799

JSON object : View

Products Affected

sleuth_kit

  • the_sleuth_kith

file

  • file
CWE
CWE-189

Numeric Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024