PT-2007-7526 · Suse+2 · Suse Linux Enterprise+3

Publicado

1970-01-01

·

Atualizado

2024-06-15

·

CVE-2007-1536

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions file versions prior to 4.20 file-x86 versions prior to 4.20 file-64bit versions prior to 4.20 file-32bit versions prior to 4.20 file-devel versions prior to 4.20
Description The issue concerns multiple vulnerabilities in the file package of various Linux operating systems, including openSUSE and SUSE Linux Enterprise. These vulnerabilities can be exploited remotely, leading to a breach of confidentiality, integrity, and availability of protected information. The exploitation can result in the execution of arbitrary code via a file that triggers a heap-based buffer overflow, specifically due to an integer underflow in the file printf function.
Recommendations For file versions prior to 4.20, update to version 4.20 or later. For file-x86 versions prior to 4.20, update to version 4.20 or later. For file-64bit versions prior to 4.20, update to version 4.20 or later. For file-32bit versions prior to 4.20, update to version 4.20 or later. For file-devel versions prior to 4.20, update to version 4.20 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

BDU:2015-04611
BDU:2015-04612
BDU:2015-04613
BDU:2015-04614
BDU:2015-04615
BDU:2015-04962
BDU:2015-04963
BDU:2015-04964
BDU:2015-04965
BDU:2015-04966
BDU:2015-09561
CVE-2007-1536
DSA-1274-1
OPENSUSE-SU-2024:10755-1
RHSA-2007:0124
RHSA-2007_0124

Produtos afetados

Red Hat
Suse Linux Enterprise
File
Opensuse