Vulnerabilities > CVE-2003-1092 - Unspecified vulnerability in Christos Zoulas File 1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
christos-zoulas
nessus
exploit available
NVD
Published: 2003-12-31
Updated: 2024-11-20

Summary

Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.

Vulnerable Configurations

Part Description Count
Application
Christos_Zoulas
10

Exploit-Db

descriptionFile 3.x Utility Local Memory Allocation Vulnerability. CVE-2003-1092. Local exploit for linux platform
idEDB-ID:22326
last seen2016-02-02
modified2003-03-06
published2003-03-06
reporterCrZ
sourcehttps://www.exploit-db.com/download/22326/
titleFile 3.x Utility Local Memory Allocation Vulnerability

Nessus

NASL familySuSE Local Security Checks
NASL idSUSE_SA_2003_017.NASL
descriptionThe remote host is missing the patch for the advisory SUSE-SA:2003:017 (file). The file command can be used to determine the type of files. iDEFENSE published a security report about a buffer overflow in the handling-routines for the ELF file-format. In conjunction with other mechanisms like print-filters, cron-jobs, eMail-scanners (like AMaViS) and alike this vulnerability can be used to gain higher privileges or to compromise the system remotely. There is no temporary fix known other then updating the system. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command
last seen2020-06-01
modified2020-06-02
plugin id13787
published2004-07-25
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/13787
titleSUSE-SA:2003:017: file
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:017
#


if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(13787);
 script_bugtraq_id(7008);
 script_bugtraq_id(7009);
 script_version ("1.22");
 
 name["english"] = "SUSE-SA:2003:017: file";
 
 script_name(english:name["english"]);
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2003:017 (file).


The file command can be used to determine the type of files.
iDEFENSE published a security report about a buffer overflow in the
handling-routines for the ELF file-format.
In conjunction with other mechanisms like print-filters, cron-jobs,
eMail-scanners (like AMaViS) and alike this vulnerability can be used
to gain higher privileges or to compromise the system remotely.

There is no temporary fix known other then updating the system.

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command 'rpm -Fhv file.rpm' to apply
the update." );
 script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/2003_017_file.html" );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");



 script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
 script_cvs_date("Date: 2019/10/25 13:36:27");
 script_end_attributes();

 
 summary["english"] = "Check for the version of the file package";
 script_cve_id("CVE-2003-0102", "CVE-2003-1092");
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);
 
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");
if ( rpm_check( reference:"file-3.32-118", release:"SUSE7.1") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"file-3.33-85", release:"SUSE7.3") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"file-3.37-206", release:"SUSE8.0") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"file-3.37-206", release:"SUSE8.1") )
{
 security_hole(0);
 exit(0);
}
if (rpm_exists(rpm:"file-", release:"SUSE7.1")
 || rpm_exists(rpm:"file-", release:"SUSE7.3")
 || rpm_exists(rpm:"file-", release:"SUSE8.0")
 || rpm_exists(rpm:"file-", release:"SUSE8.1") )
{
 set_kb_item(name:"CVE-2003-0102", value:TRUE);
}

References