Subject: Re: NetBSD Security Advisory 2003-003 Buffer Overflow in file(1)
To: None <firstname.lastname@example.org>
From: Chuck Yerkes <email@example.com>
Date: 03/12/2003 19:20:12
It might be worth noting that Amavis, AFAIK, , the antivirus scanner,
uses "file(1)" on attachments it's detached before performing
work on it.
If you use amavis, update. update soon.
Quoting NetBSD Security Officer (firstname.lastname@example.org):
> -----BEGIN PGP SIGNED MESSAGE-----
> NetBSD Security Advisory 2003-003
> Topic: Buffer Overflow in file(1)
> Severity: Inducing a user to run file(1) could execute code as the user
> If file(1) is run over a specially constructed ELF file, an exploitable
> stack overflow occurs and attackers can gain the privileges of the user
> running file(1).