This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gnu First view 2003-07-02
Product Gzip Last view 2010-01-29
Version 1.3.4 Type Application
Update *  
Edition *  
Language *  
Software Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:gnu:gzip

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2010-01-29 CVE-2010-0001

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.

6.8 2010-01-29 CVE-2009-2624

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

4.6 2005-05-13 CVE-2005-0758

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

2.1 2003-07-02 CVE-2003-0367

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CWE : Common Weakness Enumeration

% id Name
66% (2) CWE-20 Improper Input Validation
33% (1) CWE-189 Numeric Errors

Open Source Vulnerability Database (OSVDB)

id Description
61875 GNU gzip inflate.c huft_build() Function Infinite Loop DoS
61869 GNU gzip unlzw.c unlzw() Function LZW File Handling Underflow
16371 zgrep Unspecified Arbitrary Command Execution
4339 gzip znew Insecure Temp File Creation

OpenVAS Exploits

id Description
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-10-21 Name : Mandriva Update for ncompress MDVSA-2011:152 (ncompress)
File : nvt/gb_mandriva_MDVSA_2011_152.nasl
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-08-09 Name : CentOS Update for gzip CESA-2010:0061 centos5 i386
File : nvt/gb_CESA-2010_0061_gzip_centos5_i386.nasl
2010-08-21 Name : Debian Security Advisory DSA 2074-1 (ncompress)
File : nvt/deb_2074_1.nasl
2010-03-02 Name : Fedora Update for gzip FEDORA-2010-0964
File : nvt/gb_fedora_2010_0964_gzip_fc11.nasl
2010-03-02 Name : Fedora Update for gzip FEDORA-2010-0884
File : nvt/gb_fedora_2010_0884_gzip_fc12.nasl
2010-02-04 Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux)
File : nvt/gb_gzip_inflate_dos_vuln_lin.nasl
2010-02-04 Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Win)
File : nvt/gb_gzip_inflate_dos_vuln_win.nasl
2010-02-01 Name : Debian Security Advisory DSA 1974-1 (gzip)
File : nvt/deb_1974_1.nasl
2010-01-29 Name : SuSE Update for acroread SUSE-SA:2010:008
File : nvt/gb_suse_2010_008.nasl
2010-01-25 Name : RedHat Update for gzip RHSA-2010:0061-02
File : nvt/gb_RHSA-2010_0061-02_gzip.nasl
2010-01-22 Name : CentOS Update for gzip CESA-2010:0061 centos3 x86_64
File : nvt/gb_CESA-2010_0061_gzip_centos3_x86_64.nasl
2010-01-22 Name : CentOS Update for gzip CESA-2010:0061 centos3 i386
File : nvt/gb_CESA-2010_0061_gzip_centos3_i386.nasl
2010-01-22 Name : Mandriva Update for gzip MDVSA-2010:020 (gzip)
File : nvt/gb_mandriva_MDVSA_2010_020.nasl
2010-01-22 Name : Ubuntu Update for gzip vulnerabilities USN-889-1
File : nvt/gb_ubuntu_USN_889_1.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200505-05 (gzip)
File : nvt/glsa_200505_05.nasl
2008-01-17 Name : Debian Security Advisory DSA 308-1 (gzip)
File : nvt/deb_308_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-262-01 gzip
File : nvt/esoft_slk_ssa_2006_262_01.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-03-08 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_gzip_20141107.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2010-0061.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20100120_gzip_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2011-10-18 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2011-152.nasl - Type: ACT_GATHER_INFO
2010-11-10 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_10_6_5.nasl - Type: ACT_GATHER_INFO
2010-11-10 Name: The remote host is missing a Mac OS X update that fixes security issues.
File: macosx_SecUpd2010-007.nasl - Type: ACT_GATHER_INFO
2010-10-11 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_gzip-6793.nasl - Type: ACT_GATHER_INFO
2010-07-22 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2074.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0884.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0964.nasl - Type: ACT_GATHER_INFO
2010-06-01 Name: The remote VMware ESXi / ESX host is missing one or more security-related pat...
File: vmware_VMSA-2010-0009.nasl - Type: ACT_GATHER_INFO
2010-03-02 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2010-060-03.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1974.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12573.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_gzip-100120.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_gzip-100120.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_gzip-100120.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_gzip-100120.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_gzip-6792.nasl - Type: ACT_GATHER_INFO
2010-01-21 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2010-020.nasl - Type: ACT_GATHER_INFO
2010-01-21 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-889-1.nasl - Type: ACT_GATHER_INFO
2010-01-21 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO
2010-01-21 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO