Description
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
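The check this description points to, as an added example that is not code from the file project or from this advisory: a section-header reader that refuses an e_shentsize that does not match its fixed-size destination, instead of trusting it as a copy length. The names read_shdr32, shdr32_t and demo are hypothetical, and the image used in demo is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size destination laid out like a 32-bit ELF section header (40 bytes). */
typedef struct {
    uint32_t sh_name, sh_type, sh_flags, sh_addr, sh_offset;
    uint32_t sh_size, sh_link, sh_info, sh_addralign, sh_entsize;
} shdr32_t;

enum { SHDR_OK = 0, SHDR_BAD_ENTSIZE = -1, SHDR_OUT_OF_RANGE = -2 };

/* Hypothetical helper (not from readelf.c): copy section header `index` out of
 * an in-memory image. e_shoff and e_shentsize come from the untrusted ELF header. */
int read_shdr32(const uint8_t *img, size_t img_len, uint32_t e_shoff,
                uint16_t e_shentsize, uint16_t index, shdr32_t *out)
{
    /* The entry size is file-controlled, so it is only accepted when it
     * equals the size of the buffer the entry is copied into. */
    if (e_shentsize != sizeof(*out))
        return SHDR_BAD_ENTSIZE;

    /* 64-bit arithmetic so e_shoff + index * e_shentsize cannot wrap. */
    uint64_t start = (uint64_t)e_shoff + (uint64_t)index * e_shentsize;
    if (start > img_len || img_len - start < sizeof(*out))
        return SHDR_OUT_OF_RANGE;

    /* Copy length is the destination size, never the header-supplied value. */
    memcpy(out, img + start, sizeof(*out));
    return SHDR_OK;
}

/* Constructed sample: a zeroed 64-byte image, one section header read at e_shoff. */
int demo(uint16_t e_shentsize, uint32_t e_shoff)
{
    uint8_t img[64] = {0};
    shdr32_t sh;
    return read_shdr32(img, sizeof img, e_shoff, e_shentsize, 0, &sh);
}

int main(void)
{
    printf("entsize 40, offset 16:     %d\n", demo(40, 16));
    printf("entsize 0xffff, offset 16: %d\n", demo(0xffff, 16));
    printf("entsize 40, offset 32:     %d\n", demo(40, 32));
    return 0;
}
```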
Products
- File File 3.28
- File File 3.30
- File File 3.32
- File File 3.33
- File File 3.34
- File File 3.35
- File File 3.36
- File File 3.37
- File File 3.39
- File File 3.40
- NetBSD 1.5.1
- NetBSD 1.5.2
- NetBSD 1.5.3
- NetBSD 1.5
- NetBSD 1.6
- NetBSD 1.6 Beta
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2003-0102, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0102 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References