From a24567fbc43f221b14e805f9bc0b7c6d16911c46 Mon Sep 17 00:00:00 2001 From: Alex Legler Date: Sun, 8 Mar 2015 22:02:38 +0100 Subject: Import existing advisories --- glsa-200710-19.xml | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 glsa-200710-19.xml (limited to 'glsa-200710-19.xml') diff --git a/glsa-200710-19.xml b/glsa-200710-19.xml new file mode 100644 index 00000000..70f52162 --- /dev/null +++ b/glsa-200710-19.xml @@ -0,0 +1,75 @@ + + + + + + + The Sleuth Kit: Integer underflow + + An integer underflow vulnerability has been reported in The Sleuth Kit + allowing for the user-assisted execution of arbitrary code. + + sleuthkit + October 18, 2007 + October 18, 2007: 01 + 181977 + remote + + + 2.0.9 + 2.0.9 + + + +

+ The Sleuth Kit is a collection of file system and media management + forensic analysis tools. +

+ + +

+ Jean-Sebastien Guay-Leroux reported an integer underflow in the + file_printf() function of the "file" utility which is bundled with The + Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not + affected by the improper fix for this vulnerability (identified as + CVE-2007-2799, see GLSA 200705-25) since version 4.20 of "file" was + never shipped with The Sleuth Kit ebuilds. +

+ + +

+ A remote attacker could entice a user to run The Sleuth Kit on a file + system containing a specially crafted file that would trigger a + heap-based buffer overflow possibly leading to the execution of + arbitrary code with the rights of the user running The Sleuth Kit. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All The Sleuth Kit users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-forensics/sleuthkit-2.0.9" + + + CVE-2007-1536 + CVE-2007-2799 + GLSA 200703-26 + GLSA 200705-25 + + + p-y + + + p-y + + + rbu + + -- cgit v1.2.3-65-gdbad