Users login

Create an account »


Users login

Home » Hacking News » MDKSA-2003:030 - Updated file packages fix stack overflow vulnerability

MDKSA-2003:030 - Updated file packages fix stack overflow vulnerability

by Nikola Strahija on March 7th, 2003 A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler.

Package name: file
Advisory ID: MDKSA-2003:030
Date: March 6th, 2003

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1,
Single Network Firewall 7.2

Problem Description:

A memory allocation problem in file was found by Jeff Johnson, and a
stack overflow corruption problem was found by David Endler. These
problems have been corrected in file version 3.41 and likely affect
all previous version. These problems pose a security threat as they
can be used to execute arbitrary code by an attacker under the
privileges of another user. Note that the attacker must first
somehow convince the target user to execute file against a specially
crafted file that triggers the buffer overflow in file.


Updated Packages:

Corporate Server 2.1:
518493f1a79abf93011e70abfcb0677a corporate/2.1/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e corporate/2.1/SRPMS/file-3.41-1.1mdk.src.rpm

Linux-Mandrake 7.2:
095c2b08eac93b171448eb8a9f1c1ef1 7.2/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e 7.2/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrake Linux 8.0:
47a821812ce592e995615c8e268333c7 8.0/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e 8.0/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrake Linux 8.0/PPC:
8bcd230d29322f2c486c4834d670410e ppc/8.0/RPMS/file-3.41-1.1mdk.ppc.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e ppc/8.0/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrake Linux 8.1:
8483c0f20b6324217ad8fa30d6ac1277 8.1/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e 8.1/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrake Linux 8.1/IA64:
949417f7c98c472b6334e45124754bfa ia64/8.1/RPMS/file-3.41-1.1mdk.ia64.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e ia64/8.1/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrake Linux 8.2:
569bdc3120f253b9317a24e956499cb4 8.2/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e 8.2/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrake Linux 8.2/PPC:
8bab0210d9ad42e7facc76db95a39532 ppc/8.2/RPMS/file-3.41-1.1mdk.ppc.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e ppc/8.2/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrake Linux 9.0:
518493f1a79abf93011e70abfcb0677a 9.0/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e 9.0/SRPMS/file-3.41-1.1mdk.src.rpm

Single Network Firewall 7.2:
095c2b08eac93b171448eb8a9f1c1ef1 snf7.2/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e snf7.2/SRPMS/file-3.41-1.1mdk.src.rpm

Bug IDs fixed (see for more information):

To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:

rpm --checksig

All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team from:

Please be aware that sometimes it takes the mirrors a few hours to

You can view other update advisories for Mandrake Linux at:

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by

If you want to report vulnerabilities, please contact

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team

Version: GnuPG v1.0.7 (GNU/Linux)

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »