Summary
Detail | |||
---|---|---|---|
Vendor | Gnu | First view | 2001-11-18 |
Product | Gzip | Last view | 2010-01-29 |
Version | 1.2.4 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:gnu:gzip |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.8 | 2010-01-29 | CVE-2010-0001 | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. |
6.8 | 2010-01-29 | CVE-2009-2624 | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. |
4.6 | 2005-05-13 | CVE-2005-0758 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. |
5 | 2005-05-02 | CVE-2005-1228 | Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. |
3.7 | 2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. |
10 | 2004-12-06 | CVE-2004-0603 | gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. |
2.1 | 2003-07-02 | CVE-2003-0367 | znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
7.5 | 2001-11-18 | CVE-2001-1228 | Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
66% (2) | CWE-20 | Improper Input Validation |
33% (1) | CWE-189 | Numeric Errors |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
61875 | GNU gzip inflate.c huft_build() Function Infinite Loop DoS |
61869 | GNU gzip unlzw.c unlzw() Function LZW File Handling Underflow |
60297 | gzip gzexe Temp File Failure Argument Handling Arbitrary Command Execution |
16371 | zgrep Unspecified Arbitrary Command Execution |
15721 | gzip -N Option Traversal Arbitrary File Write |
15487 | gzip Race Condition Arbitrary File Permission Modification |
10506 | gzip Long File Name Overflow |
4339 | gzip znew Insecure Temp File Creation |
OpenVAS Exploits
id | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-10-21 | Name : Mandriva Update for ncompress MDVSA-2011:152 (ncompress) File : nvt/gb_mandriva_MDVSA_2011_152.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-09 | Name : CentOS Update for gzip CESA-2010:0061 centos5 i386 File : nvt/gb_CESA-2010_0061_gzip_centos5_i386.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2074-1 (ncompress) File : nvt/deb_2074_1.nasl |
2010-03-02 | Name : Fedora Update for gzip FEDORA-2010-0964 File : nvt/gb_fedora_2010_0964_gzip_fc11.nasl |
2010-03-02 | Name : Fedora Update for gzip FEDORA-2010-0884 File : nvt/gb_fedora_2010_0884_gzip_fc12.nasl |
2010-02-04 | Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Win) File : nvt/gb_gzip_inflate_dos_vuln_win.nasl |
2010-02-04 | Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux) File : nvt/gb_gzip_inflate_dos_vuln_lin.nasl |
2010-02-01 | Name : Debian Security Advisory DSA 1974-1 (gzip) File : nvt/deb_1974_1.nasl |
2010-01-29 | Name : SuSE Update for acroread SUSE-SA:2010:008 File : nvt/gb_suse_2010_008.nasl |
2010-01-25 | Name : RedHat Update for gzip RHSA-2010:0061-02 File : nvt/gb_RHSA-2010_0061-02_gzip.nasl |
2010-01-22 | Name : CentOS Update for gzip CESA-2010:0061 centos3 x86_64 File : nvt/gb_CESA-2010_0061_gzip_centos3_x86_64.nasl |
2010-01-22 | Name : CentOS Update for gzip CESA-2010:0061 centos3 i386 File : nvt/gb_CESA-2010_0061_gzip_centos3_i386.nasl |
2010-01-22 | Name : Mandriva Update for gzip MDVSA-2010:020 (gzip) File : nvt/gb_mandriva_MDVSA_2010_020.nasl |
2010-01-22 | Name : Ubuntu Update for gzip vulnerabilities USN-889-1 File : nvt/gb_ubuntu_USN_889_1.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-06-03 | Name : Solaris Update for SunFreeware gzip 120719-02 File : nvt/gb_solaris_120719_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-18 (gzip) File : nvt/glsa_200406_18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-05 (gzip) File : nvt/glsa_200505_05.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:11.gzip.asc) File : nvt/freebsdsa_gzip.nasl |
2008-09-04 | Name : FreeBSD Ports: gzip File : nvt/freebsd_gzip.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 752-1 (gzip) File : nvt/deb_752_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 308-1 (gzip) File : nvt/deb_308_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 100-1 (gzip) File : nvt/deb_100_1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2016-03-08 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_gzip_20141107.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2010-0061.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20100120_gzip_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2011-10-18 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2011-152.nasl - Type: ACT_GATHER_INFO |
2010-11-10 | Name: The remote host is missing a Mac OS X update that fixes security issues. File: macosx_SecUpd2010-007.nasl - Type: ACT_GATHER_INFO |
2010-11-10 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_10_6_5.nasl - Type: ACT_GATHER_INFO |
2010-10-11 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_gzip-6793.nasl - Type: ACT_GATHER_INFO |
2010-07-22 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2074.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-0884.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-0964.nasl - Type: ACT_GATHER_INFO |
2010-06-01 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2010-0009.nasl - Type: ACT_GATHER_INFO |
2010-03-02 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2010-060-03.nasl - Type: ACT_GATHER_INFO |
2010-02-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1974.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_gzip-6792.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_gzip-100120.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_2_gzip-100120.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_gzip-100120.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_gzip-100120.nasl - Type: ACT_GATHER_INFO |
2010-01-26 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12573.nasl - Type: ACT_GATHER_INFO |
2010-01-21 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO |
2010-01-21 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-889-1.nasl - Type: ACT_GATHER_INFO |
2010-01-21 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2010-020.nasl - Type: ACT_GATHER_INFO |
2010-01-21 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO |