Subject: Re: NetBSD Security Advisory 2003-003 Buffer Overflow in file(1)
To: None <>
From: Chuck Yerkes <>
List: current-users
Date: 03/12/2003 19:20:12
It might be worth noting that Amavis, AFAIK, , the antivirus scanner,
uses "file(1)" on attachments it's detached before performing
work on it.

If you use amavis, update.  update soon.

Quoting NetBSD Security Officer (
> 		 NetBSD Security Advisory 2003-003
> 		 =================================
> Topic:		Buffer Overflow in file(1)
> Severity:	Inducing a user to run file(1) could execute code as the user
> If file(1) is run over a specially constructed ELF file, an exploitable
> stack overflow occurs and attackers can gain the privileges of the user
> running file(1).