Lucene search

[email protected]CVE-2007-2799

HistoryMay 23, 2007 - 9:30 p.m.

CVE-2007-2799

2007-05-2321:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2007-2799

file program

integer overflow

user-assisted

arbitrary code

security vulnerability

9.5 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Integer overflow in the “file” program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

CPENameOperatorVersion
file:filefileeq4.2
sleuth_kit:the_sleuth_kithsleuth kit the sleuth kitheq*

CPE	Name	Operator	Version
file:file	file	eq	4.2
sleuth_kit:the_sleuth_kith	sleuth kit the sleuth kith	eq	*

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc

docs.info.apple.com/article.html?artnum=307562

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

osvdb.org/38498

secunia.com/advisories/25394

secunia.com/advisories/25544

secunia.com/advisories/25578

secunia.com/advisories/25931

secunia.com/advisories/26203

secunia.com/advisories/26294

secunia.com/advisories/26415

secunia.com/advisories/29179

secunia.com/advisories/29420

support.avaya.com/elmodocs2/security/ASA-2007-290.htm

www.amavis.org/security/asa-2007-3.txt

www.debian.org/security/2007/dsa-1343

www.gentoo.org/security/en/glsa/glsa-200705-25.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:114

www.novell.com/linux/security/advisories/2007_40_file.html

www.redhat.com/support/errata/RHSA-2007-0391.html

www.securityfocus.com/archive/1/469520/30/6420/threaded

www.securityfocus.com/bid/24146

www.securitytracker.com/id?1018140

www.trustix.org/errata/2007/0024/

www.ubuntu.com/usn/usn-439-2

www.vupen.com/english/advisories/2007/2071

www.vupen.com/english/advisories/2008/0924/references

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022

exchange.xforce.ibmcloud.com/vulnerabilities/34731

issues.rpath.com/browse/RPL-1311

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012

9.5 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2007-2799

nessus29 openvas40 veracode1 ubuntucve2 centos2 debiancve2 securityvulns1 redhat2 prion2 gentoo4 suse1 fedora4 ubuntu2 oraclelinux2 osv2 debian5 seebug2 slackware1 cve1 cert1 freebsd_advisory1 freebsd1