Subject: Re: NetBSD Security Advisory 2003-003 Buffer Overflow in file(1)
To: None <current-users@netbsd.org>
From: Chuck Yerkes <chuck+nbsd@2003.snew.com>
List: current-users
Date: 03/12/2003 19:20:12
It might be worth noting that Amavis, AFAIK, , the antivirus scanner,
uses "file(1)" on attachments it's detached before performing
work on it.

If you use amavis, update.  update soon.

Quoting NetBSD Security Officer (security-officer@netbsd.org):
> -----BEGIN PGP SIGNED MESSAGE-----
> 		 NetBSD Security Advisory 2003-003
> 		 =================================
> Topic:		Buffer Overflow in file(1)
...
> Severity:	Inducing a user to run file(1) could execute code as the user
...
> If file(1) is run over a specially constructed ELF file, an exploitable
> stack overflow occurs and attackers can gain the privileges of the user
> running file(1).