remote system compromise in file

2003-03-21T12:40:17
ID SUSE-SA:2003:017
Type suse
Reporter Suse
Modified 2003-03-21T12:40:17

Description

The file command can be used to determine the type of files. iDEFENSE published a security report about a buffer overflow in the handling-routines for the ELF file-format. In conjunction with other mechanisms like print-filters, cron-jobs, eMail-scanners (like AMaViS) and alike this vulnerability can be used to gain higher privileges or to compromise the system remotely.