-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AMaViS Security Announcement Date: 2007-03-23 affected version(s): amavis, amavisd, amavisd-new, amavis-ng Vulnerability: file utility heap overflow Priority: urgent Solution: update to file 4.20 or later References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 Author: Mark Martinec Rainer Link Advisory ID: ASA-2007-1 Contact: security@amavis.org WWW: http://www.amavis.org/security/ - ----------------------------------------------------------------------------- 0. Preface As amavisd-new (http://www.ijs.si/software/amavisd/) is currently the only maintained AMaViS branch, most of the following refers to amavisd-new. 1. Problem description A security issue (integer underflow) in the GNU file(1) utility can lead to a heap overflow. 2. Impact Gain shell access to a remote system running a content filter which uses GNU file below 4.20. It is important to say that the executable code runs under privileges of the process running amavisd (usually vscan or amavis), which is not root. If amavisd is running chrooted, the impact is limited by the chroot jail environment. 3. Solution Update to GNU file 4.20 or newer, the latest version can be found at ftp://ftp.astron.com/pub/file/ Or update your system using an up to date package or port. 4. Acknowledgement Credits to Kees Cook of the Ubuntu team for providing us with up-to-date references and details. 5. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 http://mx.gw.com/pipermail/file/2007/000161.html http://www.ijs.si/software/amavisd/#sec http://www.amavis.org/security/ 6. Revision history 2007-03-23: initial release 2007-03-26: fixed wrong CVE reference URL -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.9.14 (GNU/Linux) iD8DBQFGCACWmxoFTBO0QHkRAscYAJ0UKna+g63FYToUcsh/BI2b60RvKACgkQ/I YPYSZLFd4gxCfLT5uMei0hI= =8WYT -----END PGP SIGNATURE-----