by dalke 4067 days ago
Here are three bug reports for file(1): https://www.freebsd.org/security/advisories/FreeBSD-SA-07%3A... , https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A... , https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A... .

Quoting from the first:

> An attacker who can cause file(1) to be run on a maliciously constructed input can cause file(1) to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file(1). ...

> No workaround is available, but systems where file(1) and other libmagic(3)-using applications are never run on untrusted input are not vulnerable.

And from the third:

> There are a number of denial of service issues in the ELF parser used by file(1). ...

> An attacker who can cause file(1) or any other applications using the libmagic(3) library to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial-of-service.