Executive Summary

Summary
Title New gzip packages fix arbitrary code execution
Informations
Name DSA-1181 First vendor Publication 2006-09-19
Vendor Debian Last vendor Modification 2006-09-19
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4334

A null pointer dereference may lead to denial of service if gzip is used in an automated manner.

CVE-2006-4335

Missing boundary checks may lead to stack modification, allowing execution of arbitrary code.

CVE-2006-4336

A buffer underflow in the pack support code may lead to execution of arbitrary code.

CVE-2006-4337

A buffer underflow in the LZH support code may lead to execution of arbitrary code.

CVE-2006-4338

An infinite loop may lead to denial of service if gzip is used in an automated manner.

For the stable distribution (sarge) these problems have been fixed in version 1.3.5-10sarge2.

For the unstable distribution (sid) these problems have been fixed in version 1.3.5-15.

We recommend that you upgrade your gzip package.

Original Source

Url : http://www.debian.org/security/2006/dsa-1181

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10140
 
Oval ID: oval:org.mitre.oval:def:10140
Title: Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
Description: Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4336
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10391
 
Oval ID: oval:org.mitre.oval:def:10391
Title: Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
Description: Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
Family: unix Class: vulnerability
Reference(s): CVE-2006-4335
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10527
 
Oval ID: oval:org.mitre.oval:def:10527
Title: Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
Description: Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4334
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11212
 
Oval ID: oval:org.mitre.oval:def:11212
Title: Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
Description: Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4337
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11290
 
Oval ID: oval:org.mitre.oval:def:11290
Title: unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
Description: unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4338
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13018
 
Oval ID: oval:org.mitre.oval:def:13018
Title: DSA-1974-1 gzip -- several
Description: Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version. CVE-2010-0001 Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. For the stable distribution, these problems have been fixed in version 1.3.12-6+lenny1. For the oldstable distribution, these problems have been fixed in version 1.3.5-15+etch1. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your gzip packages.
Family: unix Class: patch
Reference(s): DSA-1974-1
CVE-2009-2624
CVE-2010-0001
CVE-2006-4334
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): gzip
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18808
 
Oval ID: oval:org.mitre.oval:def:18808
Title: HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
Description: Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4337
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19420
 
Oval ID: oval:org.mitre.oval:def:19420
Title: HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
Description: Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
Family: unix Class: vulnerability
Reference(s): CVE-2006-4335
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19687
 
Oval ID: oval:org.mitre.oval:def:19687
Title: HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
Description: Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4334
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19732
 
Oval ID: oval:org.mitre.oval:def:19732
Title: HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
Description: Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4336
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19798
 
Oval ID: oval:org.mitre.oval:def:19798
Title: HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS)
Description: unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4338
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7495
 
Oval ID: oval:org.mitre.oval:def:7495
Title: DSA-1974 gzip -- several vulnerabilities
Description: Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems: Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version. Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.
Family: unix Class: patch
Reference(s): DSA-1974
CVE-2009-2624
CVE-2010-0001
CVE-2006-4334
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): gzip
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2010-02-01 Name : Debian Security Advisory DSA 1974-1 (gzip)
File : nvt/deb_1974_1.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for gzip
File : nvt/sles9p5012976.nasl
2009-06-03 Name : Solaris Update for SunFreeware gzip 120719-02
File : nvt/gb_solaris_120719_02.nasl
2009-06-03 Name : Solaris Update for SunFreeware gzip 120720-02
File : nvt/gb_solaris_120720_02.nasl
2009-05-05 Name : HP-UX Update for Software Distributor (SD) HPSBUX02195
File : nvt/gb_hp_ux_HPSBUX02195.nasl
2009-02-27 Name : Fedora Update for lha FEDORA-2007-557
File : nvt/gb_fedora_2007_557_lha_fc5.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200609-13 (gzip)
File : nvt/glsa_200609_13.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200611-24 (lha)
File : nvt/glsa_200611_24.nasl
2008-09-04 Name : FreeBSD Ports: gzip
File : nvt/freebsd_gzip0.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-06:21.gzip.asc)
File : nvt/freebsdsa_gzip1.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-262-01 gzip
File : nvt/esoft_slk_ssa_2006_262_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
29008 gzip unlzh.c huft_build() Function Infinite Loop DoS

Gzip contains a flaw that may allow a remote denial of service. The issue is triggered due to a NULL pointer dereference within the 'huft_build()' function and an infinite loop within the LZH handling, and will result in loss of availability for the service.
29007 gzip LZH Support make_table() Function Overflow

29006 gzip unpack.c build_tree() Function Overflow

29005 gzip unlzh.c make_table() Function Stack Modification Code Execution

29004 gzip Unspecified NULL Dereference DoS

Snort® IPS/IDS

Date Description
2014-11-16 GNU gzip LZH decompression make_table overflow attempt
RuleID : 32136 - Revision : 2 - Type : FILE-OTHER
2014-01-10 GNU gzip LZH decompression make_table overflow attempt
RuleID : 17289 - Revision : 14 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_gzip_20141107.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2006-0667.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1974.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_11220.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gzip-2085.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-349-1.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_gzip-2084.nasl - Type : ACT_GATHER_INFO
2007-09-25 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHCO_35587.nasl - Type : ACT_GATHER_INFO
2007-06-07 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_11a840928f9f11dbab33000e0c2e438a.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-557.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2006-167.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-989.nasl - Type : ACT_GATHER_INFO
2006-11-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200611-24.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1181.nasl - Type : ACT_GATHER_INFO
2006-09-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200609-13.nasl - Type : ACT_GATHER_INFO
2006-09-22 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2006-262-01.nasl - Type : ACT_GATHER_INFO
2006-09-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0667.nasl - Type : ACT_GATHER_INFO
2006-09-22 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0667.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:26:13
  • Multiple Updates