Vulnerabilities > CVE-2007-2026 - Denial of Service vulnerability in File
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-114.NASL description The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file (CVE-2007-2799). As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption (CVE-2007-2026). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25439 published 2007-06-07 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25439 title Mandrake Linux Security Advisory : file (MDKSA-2007:114) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:114. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(25439); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2007-2026", "CVE-2007-2799"); script_bugtraq_id(24146); script_xref(name:"MDKSA", value:"2007:114"); script_name(english:"Mandrake Linux Security Advisory : file (MDKSA-2007:114)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file (CVE-2007-2799). As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption (CVE-2007-2026). The updated packages have been patched to correct these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64magic1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64magic1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64magic1-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmagic1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmagic1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmagic1-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"file-4.17-2.2mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64magic1-4.17-2.2mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64magic1-devel-4.17-2.2mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64magic1-static-devel-4.17-2.2mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libmagic1-4.17-2.2mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libmagic1-devel-4.17-2.2mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libmagic1-static-devel-4.17-2.2mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"python-magic-4.17-2.2mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"file-4.20-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64magic1-4.20-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64magic1-devel-4.20-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64magic1-static-devel-4.20-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmagic1-4.20-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmagic1-devel-4.20-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmagic1-static-devel-4.20-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"python-magic-4.20-1.1mdv2007.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200704-13.NASL description The remote host is affected by the vulnerability described in GLSA-200704-13 (File: Denial of Service) Conor Edberg discovered an error in the way file processes a specific regular expression. Impact : A remote attacker could entice a user to open a specially crafted file, using excessive CPU ressources and possibly leading to a Denial of Service. Note that this vulnerability could be also triggered through an automatic file scanner like amavisd-new. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25058 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25058 title GLSA-200704-13 : File: Denial of Service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200704-13. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(25058); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2007-2026"); script_xref(name:"GLSA", value:"200704-13"); script_name(english:"GLSA-200704-13 : File: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200704-13 (File: Denial of Service) Conor Edberg discovered an error in the way file processes a specific regular expression. Impact : A remote attacker could entice a user to open a specially crafted file, using excessive CPU ressources and possibly leading to a Denial of Service. Note that this vulnerability could be also triggered through an automatic file scanner like amavisd-new. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200704-13" ); script_set_attribute( attribute:"solution", value: "All file users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/file-4.20-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:file"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/19"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-apps/file", unaffected:make_list("ge 4.21-r1"), vulnerable:make_list("eq 4.21"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "File"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-11.NASL description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79964 published 2014-12-15 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79964 title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201412-11. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(79964); script_version("1.10"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2007-0720", "CVE-2007-1536", "CVE-2007-2026", "CVE-2007-2445", "CVE-2007-2741", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5116", "CVE-2007-5135", "CVE-2007-5266", "CVE-2007-5268", "CVE-2007-5269", "CVE-2007-5849", "CVE-2010-1205", "CVE-2013-0338", "CVE-2013-0339", "CVE-2013-1664", "CVE-2013-1969", "CVE-2013-2877", "CVE-2014-0160"); script_bugtraq_id(41174, 58180, 58892, 59000, 59265, 61050, 66690); script_xref(name:"GLSA", value:"201412-11"); script_name(english:"GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201412-11" ); script_set_attribute( attribute:"solution", value: "All users of the AMD64 x86 emulation base libraries should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-baselibs-20140406-r1' NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(20, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/emul-linux-x86-baselibs", unaffected:make_list("ge 20140406-r1"), vulnerable:make_list("lt 20140406-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "AMD64 x86 emulation base libraries"); }
Seebug
| bulletinFamily | exploit |
| description | CVE ID:CVE-2007-2026 CVE-2007-2799 CNCVE ID:CNCVE-20072026 CNCVE-20072799 File是一款*nix下的文件格式识别工具。 File处理恶意文件错误,本地攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 CVE-2007-2026是对特定的规则表达式处理存在问题,可导致应用程序崩溃。 CVE-2007-2799是存在整数下溢问题,可导致任意代码执行。 目前没有详细漏洞细节提供。 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SLE SDK 10 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc OpenBSD OpenBSD 4.0 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya SES 3.1.1 Avaya Messaging Storage Server MSS 3.0 Avaya Message Networking Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya CCS 3.1.1 Avaya AES 4.0.1 厂商解决方案 OpenBSD可参考如下补丁程序: OpenBSD OpenBSD 4.0 * OpenBSD 015_file.patch <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/015_file.patch" target="_blank">ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/015_file.patch</a> |
| id | SSV:2084 |
| last seen | 2017-11-19 |
| modified | 2007-08-08 |
| published | 2007-08-08 |
| reporter | Root |
| title | File多个拒绝服务漏洞 |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-06-07 |
| organization | Red Hat |
| statement | Not vulnerable. These issues did not affect the versions of file as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
References
- http://secunia.com/advisories/24918
- http://secunia.com/advisories/25394
- http://secunia.com/advisories/25544
- http://secunia.com/advisories/25578
- http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user
- http://www.amavis.org/security/asa-2007-3.txt
- http://www.gentoo.org/security/en/glsa/glsa-200704-13.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:114
- http://www.securityfocus.com/archive/1/469520/30/6420/threaded
- http://www.securityfocus.com/bid/24146
- http://www.vupen.com/english/advisories/2007/2071
- https://bugs.gentoo.org/show_bug.cgi?id=174217
- https://issues.rpath.com/browse/RPL-1311