This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Gnu
First view : 2010-01-29
Product : Gzip
Last view : 2010-01-29
Version : 1.3.9
Type : Application
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:gnu:gzip

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2010-01-29 CVE-2010-0001

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.

6.8 2010-01-29 CVE-2009-2624

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-189 Numeric Errors
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
61875 GNU gzip inflate.c huft_build() Function Infinite Loop DoS
61869 GNU gzip unlzw.c unlzw() Function LZW File Handling Underflow

OpenVAS Exploits

id Description
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-10-21 Name : Mandriva Update for ncompress MDVSA-2011:152 (ncompress)
File : nvt/gb_mandriva_MDVSA_2011_152.nasl
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-08-09 Name : CentOS Update for gzip CESA-2010:0061 centos5 i386
File : nvt/gb_CESA-2010_0061_gzip_centos5_i386.nasl
2010-08-21 Name : Debian Security Advisory DSA 2074-1 (ncompress)
File : nvt/deb_2074_1.nasl
2010-03-02 Name : Fedora Update for gzip FEDORA-2010-0884
File : nvt/gb_fedora_2010_0884_gzip_fc12.nasl
2010-03-02 Name : Fedora Update for gzip FEDORA-2010-0964
File : nvt/gb_fedora_2010_0964_gzip_fc11.nasl
2010-02-04 Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Linux)
File : nvt/gb_gzip_inflate_dos_vuln_lin.nasl
2010-02-04 Name : GZip 'huft_build()' in 'inflate.c' Input Validation Vulnerability (Win)
File : nvt/gb_gzip_inflate_dos_vuln_win.nasl
2010-02-01 Name : Debian Security Advisory DSA 1974-1 (gzip)
File : nvt/deb_1974_1.nasl
2010-01-29 Name : SuSE Update for acroread SUSE-SA:2010:008
File : nvt/gb_suse_2010_008.nasl
2010-01-25 Name : RedHat Update for gzip RHSA-2010:0061-02
File : nvt/gb_RHSA-2010_0061-02_gzip.nasl
2010-01-22 Name : CentOS Update for gzip CESA-2010:0061 centos3 i386
File : nvt/gb_CESA-2010_0061_gzip_centos3_i386.nasl
2010-01-22 Name : CentOS Update for gzip CESA-2010:0061 centos3 x86_64
File : nvt/gb_CESA-2010_0061_gzip_centos3_x86_64.nasl
2010-01-22 Name : Mandriva Update for gzip MDVSA-2010:020 (gzip)
File : nvt/gb_mandriva_MDVSA_2010_020.nasl
2010-01-22 Name : Ubuntu Update for gzip vulnerabilities USN-889-1
File : nvt/gb_ubuntu_USN_889_1.nasl

Nessus® Vulnerability Scanner

id Description
2016-03-08 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_gzip_20141107.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2010-0061.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20100120_gzip_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2011-10-18 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2011-152.nasl - Type: ACT_GATHER_INFO
2010-11-10 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_10_6_5.nasl - Type: ACT_GATHER_INFO
2010-11-10 Name: The remote host is missing a Mac OS X update that fixes security issues.
File: macosx_SecUpd2010-007.nasl - Type: ACT_GATHER_INFO
2010-10-11 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_gzip-6793.nasl - Type: ACT_GATHER_INFO
2010-07-22 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2074.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0884.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0964.nasl - Type: ACT_GATHER_INFO
2010-06-01 Name: The remote VMware ESXi / ESX host is missing one or more security-related pat...
File: vmware_VMSA-2010-0009.nasl - Type: ACT_GATHER_INFO
2010-03-02 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2010-060-03.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1974.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_gzip-100120.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_gzip-6792.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_gzip-100120.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_gzip-100120.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_gzip-100120.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12573.nasl - Type: ACT_GATHER_INFO
2010-01-21 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-889-1.nasl - Type: ACT_GATHER_INFO
2010-01-21 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO
2010-01-21 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2010-020.nasl - Type: ACT_GATHER_INFO
2010-01-21 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2010-0061.nasl - Type: ACT_GATHER_INFO