Vulnerabilities > CVE-2007-1536 - Numeric Errors vulnerability in File

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
file
CWE-189
critical
nessus
exploit available
NVD
Published: 2007-03-20
Updated: 2018-10-16

Summary

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
Application
File
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionFile(1) 4.13 Command File_PrintF Integer Underflow Vulnerability. CVE-2007-1536. Remote exploit for linux platform
idEDB-ID:29753
last seen2016-02-03
modified2007-03-19
published2007-03-19
reporterJean-Sebastien Guay-Leroux
sourcehttps://www.exploit-db.com/download/29753/
titleFile1 <= 4.13 Command File_PrintF Integer Underflow Vulnerability

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070530_FILE_ON_SL5_X.NASL
    descriptionThe fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799)
    last seen2020-06-01
    modified2020-06-02
    plugin id60191
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60191
    titleScientific Linux Security Update : file on SL5.x, SL4.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60191);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:17");

  script_cve_id("CVE-2007-1536", "CVE-2007-2799");

  script_name(english:"Scientific Linux Security Update : file on SL5.x, SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The fix for CVE-2007-1536 introduced a new integer underflow flaw in
the file utility. An attacker could create a carefully crafted file
which, if examined by a victim using the file utility, could lead to
arbitrary code execution. (CVE-2007-2799)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=330
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6474ec97"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected file package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL4", reference:"file-4.10-3.0.2.el4")) flag++;

if (rpm_check(release:"SL5", reference:"file-4.17-9.0.1.el5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FILE-3034.NASL
    descriptionAn integer underflow within the ELF header parsing has been fixed which could lead to arbitrary code execution. CVE-2007-1536 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id29427
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29427
    titleSuSE 10 Security Update : file (ZYPP Patch Number 3034)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-391.NASL
    descriptionthis issue should fix CVE-2007-1536 (heap overflow that can result in arbitrary code execution) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24924
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24924
    titleFedora Core 6 : file-4.19-2.fc6 (2007-391)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0391.NASL
    descriptionFrom Red Hat Security Advisory 2007:0391 : An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67507
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67507
    titleOracle Linux 4 / 5 : file (ELSA-2007-0391)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0391.NASL
    descriptionAn updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25364
    published2007-06-01
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25364
    titleRHEL 4 / 5 : file (RHSA-2007:0391)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-439-1.NASL
    descriptionJean-Sebastien Guay-Leroux discovered that
    last seen2020-06-01
    modified2020-06-02
    plugin id28035
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28035
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : file vulnerability (USN-439-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0124.NASL
    descriptionFrom Red Hat Security Advisory 2007:0124 : An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-1536) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67463
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67463
    titleOracle Linux 4 : file (ELSA-2007-0124)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1274.NASL
    descriptionAn integer underflow bug has been found in the file_printf function in file, a tool to determine file types based analysis of file content. The bug could allow an attacker to execute arbitrary code by inducing a local user to examine a specially crafted file that triggers a buffer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id25008
    published2007-04-10
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25008
    titleDebian DSA-1274-1 : file - buffer overflow
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0391.NASL
    descriptionAn updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25355
    published2007-06-01
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25355
    titleCentOS 4 / 5 : file (CESA-2007:0391)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-114.NASL
    descriptionThe update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file (CVE-2007-2799). As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption (CVE-2007-2026). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25439
    published2007-06-07
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25439
    titleMandrake Linux Security Advisory : file (MDKSA-2007:114)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-093-01.NASL
    descriptionNew file packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and -current to fix a security issue. NOTE: In Slackware 11.0 and earlier, the file utility was part of the required
    last seen2020-06-01
    modified2020-06-02
    plugin id24916
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24916
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 / current : file [and bin package] (SSA:2007-093-01)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8E01AB5B094911DC8163000E0C2E438A.NASL
    descriptionWhen writing data into a buffer in the file_printf function, the length of the unused portion of the buffer is not correctly tracked, resulting in a buffer overflow when processing certain files. Impact : An attacker who can cause file(1) to be run on a maliciously constructed input can cause file(1) to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file(1). The above also applies to any other applications using the libmagic(3) library. Workaround : No workaround is available, but systems where file(1) and other libmagic(3)-using applications are never run on untrusted input are not vulnerable.
    last seen2020-06-01
    modified2020-06-02
    plugin id25359
    published2007-06-01
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25359
    titleFreeBSD : FreeBSD -- heap overflow in file(1) (8e01ab5b-0949-11dc-8163-000e0c2e438a)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-067.NASL
    descriptionJean-Sebastien Guay-Leroux discovered an integer underflow in the file_printf() function in file prior to 4.20 that allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. Updated packages have been patched to address this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24893
    published2007-03-26
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24893
    titleMandrake Linux Security Advisory : file (MDKSA-2007:067)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200703-26.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200703-26 (file: Integer underflow) Jean-Sebastien Guay-Leroux reported an integer underflow in file_printf function. Impact : A remote attacker could entice a user to run the
    last seen2020-06-01
    modified2020-06-02
    plugin id24931
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24931
    titleGLSA-200703-26 : file: Integer underflow
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0124.NASL
    descriptionAn updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-1536) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24878
    published2007-03-26
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24878
    titleCentOS 4 : file (CESA-2007:0124)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0124.NASL
    descriptionAn updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The file command is used to identify a particular file according to the type of data contained by the file. An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-1536) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24897
    published2007-03-26
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24897
    titleRHEL 4 / 5 : file (RHSA-2007:0124)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FILE-3033.NASL
    descriptionAn integer underflow within the ELF header parsing has been fixed which could lead to arbitrary code execution. CVE-2007-1536 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id27214
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27214
    titleopenSUSE 10 Security Update : file (file-3033)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79964
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79964
    titleGLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200710-19.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200710-19 (The Sleuth Kit: Integer underflow) Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the
    last seen2020-06-01
    modified2020-06-02
    plugin id27517
    published2007-10-19
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27517
    titleGLSA-200710-19 : The Sleuth Kit: Integer underflow
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2007-005.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN
    last seen2020-06-01
    modified2020-06-02
    plugin id25297
    published2007-05-25
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25297
    titleMac OS X Multiple Vulnerabilities (Security Update 2007-005)

Oval

accepted2013-04-29T04:07:29.970-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionInteger underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
familyunix
idoval:org.mitre.oval:def:10658
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleInteger underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
version27

Redhat

advisories
bugzilla
id233337
titleCVE-2007-1536 file 4.20 fixes a heap overflow in that can result in arbitrary code execution
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • commentfile is earlier than 0:4.10-3.EL4.5
      ovaloval:com.redhat.rhsa:tst:20070124001
    • commentfile is signed with Red Hat master key
      ovaloval:com.redhat.rhsa:tst:20070124002
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • commentfile is earlier than 0:4.17-9.el5
      ovaloval:com.redhat.rhsa:tst:20070124004
    • commentfile is signed with Red Hat redhatrelease key
      ovaloval:com.redhat.rhsa:tst:20070124005
rhsa
idRHSA-2007:0124
released2007-03-23
severityModerate
titleRHSA-2007:0124: file security update (Moderate)
rpms
  • file-0:4.10-3.EL4.5
  • file-0:4.17-9.el5
  • file-debuginfo-0:4.10-3.EL4.5
  • file-debuginfo-0:4.17-9.el5

Seebug

bulletinFamilyexploit
descriptionApple Mac OS X是一款基于BSD的商业性质的操作系统。 Apple Mac OS X存在多个安全问题,远程攻击者可以利用漏洞进行拒绝服务,执行任意代码,提升特权等攻击。 CVE-ID: CVE-2007-0740 Alias Manager在部分条件可以使用户打开恶意文件,导致特权提升。 CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096: BIND服务程序存在多个安全问题,可导致拒绝服务攻击。 CVE-ID: CVE-2007-0750 CoreGraphics在打开特殊构建的PDF文件时可触发溢出,导致任意代码执行。 CVE-ID: CVE-2007-0751 当每日清楚脚本执行时,/tmp目录中的挂接的文件系统可被删除。 CVE-ID: CVE-2007-1558 fetchmail加密存在安全问题,可导致泄露密码信息。 CVE-ID: CVE-2007-1536 运行file命令打开特殊构建的文件可导致任意代码执行或拒绝服务攻击。 CVE-ID: CVE-2007-2390 iChat用于在家用NAT网关上建立端口映射的UPnP IGD代码存在缓冲区溢出,构建恶意报文可导致任意代码执行。 CVE-ID: CVE-2007-0752 PPP守护进程在通过命令行装载插件时可导致特权提升。 CVE-ID: CVE-2006-5467, CVE-2006-6303 Ruby CGI库存在多个拒绝服务攻击。 CVE-ID: CVE-2006-4573 GNU Screen存在多个拒绝服务问题。 CVE-ID: CVE-2005-3011 texinfo存在漏洞允许任意文件被覆盖。 CVE-ID: CVE-2007-0753 vpnd存在格式串问题,可用于提升特权。 Cosmicperl Directory Pro 10.0.3 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X Preview.app 3.0.8 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 升级程序: Apple Mac OS X Server 10.3.9 * Apple SecUpdSrvr2007-005Pan.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13993&amp;cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13993&amp;cat=</a> 1&amp;platform=osx&amp;method=sa/SecUpdSrvr2007-005Pan.dmg Apple Mac OS X 10.3.9 * Apple SecUpd2007-005Pan.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13992&amp;cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13992&amp;cat=</a> 1&amp;platform=osx&amp;method=sa/SecUpd2007-005Pan.dmg Apple Mac OS X Server 10.4.9 * Apple SecUpd2007-005Ti.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&amp;cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&amp;cat=</a> 1&amp;platform=osx&amp;method=sa/SecUpd2007-005Ti.dmg * Apple SecUpd2007-005Univ.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&amp;cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&amp;cat=</a> 1&amp;platform=osx&amp;method=sa/SecUpd2007-005Univ.dmg Apple Mac OS X 10.4.9 * Apple SecUpd2007-005Ti.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&amp;cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&amp;cat=</a> 1&amp;platform=osx&amp;method=sa/SecUpd2007-005Ti.dmg * Apple SecUpd2007-005Univ.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&amp;cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&amp;cat=</a> 1&amp;platform=osx&amp;method=sa/SecUpd2007-005Univ.dmg
idSSV:1795
last seen2017-11-19
modified2007-05-25
published2007-05-25
reporterRoot
titleApple Mac OS X 2007-005多个安全漏洞

References