A file integer underflow vulnerability could be exploited to trigger buffer overflow in unpatched Unix-like systems.
A buffer overflow vulnerability caused by an integer underflow in the file_printf function in Unix-like operating systems has been patched.
The flaw is contained within the file program and could allow an attacker to execute arbitrary code or create a denial of service condition, according to a posting on the United States Computer Emergency Readiness Team's Web site.
File is a program used to determine what type of data is contained in a file. To trigger the overflow, a hacker would need to get a user to run a vulnerable version of file on a specially crafted file, the advisory states.
"Version 4.20 of file was released to address this issue," according to the US-CERT advisory.
If exploited, an attacker could execute malicious code with the permissions of the user running the vulnerable version of file or cause the program to crash, creating a denial-of-service condition.
Patches by
Red Hat and
Ubuntu were released more than a week ago for users of Red Hat Enterprise Linux 4 and 5 as well as Ubuntu 5.10, Ubuntu 6.06 LTS, Ubuntu 6.10 and corresponding versions of Kubuntu, Edubuntu, and Xubuntu. OpenWall GNU/*Linux and Mandriva have also released updates to address the issue.
In addition, running the file program with a limited user account may partially address the impact of a successful exploit of the flaw.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International
Related stories:
MySpace looks to USC to help servers keep up with users
How do you keep a potential half-billion social networkers current? A Viterbi School of Engineering expert tackles the growth problems of one of the world's largest computing systems.
Review: Strong, innovative Web browsers emerge
(AP) -- With all the recent attention on the new Firefox 3 Internet browser, it's easy to miss two strong, innovative rivals. Add it all up, and Microsoft Corp.'s market-leading Internet Explorer has some impressive challengers.
Online service lets blind surf the Internet from any computer, anywhere
Visions of future technology don't involve being chained to a desktop machine. People move from home computers to work computers to mobile devices; public kiosks pop up in libraries, schools and hotels; and people increasingly store everything from e-mail to spreadsheets on the Web.
Law professor warns the FCC about ceding too much control to large Internet providers
Net neutrality—the notion that everyone has a right to equal access to the Internet—should be a bedrock principle of life on the web, Larry Lessig, law professor and Internet advocate, told the Federal Communications Commission (FCC) on Thursday, as the FCC's five commissioners took the stage at Dinkelspiel Auditorium for a daylong public hearing.
Supercomputer Unleashes Virtual 9.0 Megaquake in Pacific Northwest
On January 26, 1700, at about 9 p.m. local time, the Juan de Fuca plate beneath the ocean in the Pacific Northwest suddenly moved, slipping some 60 feet eastward beneath the North American plate in a monster quake of approximately magnitude 9, setting in motion large tsunamis that struck the coast of North America and traveled to the shores of Japan.
Software That Grades Handwritten Essays May Boost Comprehension, Too
Computer scientists in the University at Buffalo's School of Engineering and Applied Sciences have been working with their colleagues in UB's Graduate School of Education to develop a computational tool that not only dramatically reduces the time it takes to grade children's handwritten essays, but that also may help boost students' reading comprehension skills.
Security loophole found in Windows operating system
A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft's "Windows 2000" operating system.
New system will help computer users avoid illegal file-sharing
The University of Michigan will launch a new educational service to help students avoid unintentionally infringing copyright law.