Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2003:030-1: file

Vulnerability Assessment Details

MDKSA-2003:030-1: file

Vulnerability Assessment Summary
Check for the version of the file package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2003:030-1 (file).

A memory allocation problem in file was found by Jeff Johnson, and a stack
overflow corruption problem was found by David Endler. These problems have been
corrected in file version 3.41 and likely affect all previous version. These
problems pose a security threat as they can be used to execute arbitrary code by
a possible hacker under the rights of another user. Note that the attacker must
first somehow convince the target user to execute file against a specially
crafted file that triggers the buffer overflow in file.
The 8.2 and 9.0 packages installed data in a different directory than where they
should have been installed, which broke compatability with a small number of
programs. These updated packages place those files back in the appropriate

Solution :
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

Netgear GS748TP ProSafe 48-Port Smart Gigabit Switch
Netgear GS748TP ProSafe 48-Port Smart Gigabit Switch pictureSmart Switch TP-LINK TL-SL2452  48-ports
Smart Switch TP-LINK TL-SL2452  48-ports pictureTRENDnet TEG S16Dg - switch - 16 ports
TRENDnet TEG S16Dg - switch - 16 ports pictureCISCO CATALYST 2960-C SERIES POE WS-C2960-12PC-L 12-PORT SWITCH w/POWER CORD


No Discussions have been posted on this vulnerability.