File: Denial of Service

1. Gentoo Linux Security Advisory

Version Information
          
            | Advisory Reference | GLSA 200704-13 / file |  
            | Release Date | April 17, 2007 |  
            | Latest Revision | September 17, 2007: 02 |  
            | Impact | normal |  
            | Exploitable | remote |  
          
            | Package | Vulnerable versions | Unaffected versions | Architecture(s) |  
            | sys-apps/file | = 4.21 | >= 4.21-r1 | Intel compatible |
Related bugreports: #174217

Synopsis
    A vulnerability has been discovered in file allowing for a denial of
    service.

2. Impact Information

Background
    file is a utility that identifies a file format by scanning binary data
    for patterns.
     Description 
    Conor Edberg discovered an error in the way file processes a specific
    regular expression.
     Impact 
    A remote attacker could entice a user to open a specially crafted file,
    using excessive CPU resources and possibly leading to a Denial of
    Service. Note that this vulnerability could also be triggered through
    an automatic file scanner like amavisd-new.

3. Resolution Information

Workaround
    There is no known workaround at this time.
     Resolution 
    All file users should upgrade to the latest version:
     
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/file-4.20-r1"

4. References