File: Denial of service — GLSA 200704-13

A vulnerability has been discovered in file allowing for a denial of service.

Affected packages

sys-apps/file on all architectures
Affected versions = 4.21
Unaffected versions >= 4.21-r1

Background

file is a utility that identifies a file format by scanning binary data for patterns.

Description

Conor Edberg discovered an error in the way file processes a specific regular expression.

Impact

A remote attacker could entice a user to open a specially crafted file, using excessive CPU ressources and possibly leading to a Denial of Service. Note that this vulnerability could be also triggered through an automatic file scanner like amavisd-new.

Workaround

There is no known workaround at this time.

Resolution

All file users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/file-4.20-r1"

References

Release date
April 17, 2007

Latest revision
September 17, 2007: 02

Severity
normal

Exploitable
remote

Bugzilla entries