Test ID:	1.3.6.1.4.1.25623.1.0.57348
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2006:0663
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2006:0663. The ncompress package contains file compression and decompression utilities, which are compatible with the original UNIX compress utility (.Z file extensions). Tavis Ormandy of the Google Security Team discovered a lack of bounds checking in ncompress. An attacker could create a carefully crafted file that could execute arbitrary code if uncompressed by a victim. (CVE-2006-1168) In addition, two bugs that affected Red Hat Enterprise Linux 4 ncompress packages were fixed: * The display statistics and compression results in verbose mode were not shown when operating on zero length files. * An attempt to compress zero length files resulted in an unexpected return code. Users of ncompress are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0663.html http://www.redhat.com/security/updates/classification/#low Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1168 BugTraq ID: 19455 http://www.securityfocus.com/bid/19455 Debian Security Information: DSA-1149 (Google Search) http://www.debian.org/security/2006/dsa-1149 http://security.gentoo.org/glsa/glsa-200610-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:140 http://www.mandriva.com/security/advisories?name=MDVSA-2012:129 http://bugs.gentoo.org/show_bug.cgi?id=141728 https://bugzilla.redhat.com/show_bug.cgi?id=728536 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373 http://www.redhat.com/support/errata/RHSA-2006-0663.html RedHat Security Advisories: RHSA-2012:0810 http://rhn.redhat.com/errata/RHSA-2012-0810.html http://securitytracker.com/id?1016836 http://secunia.com/advisories/21427 http://secunia.com/advisories/21434 http://secunia.com/advisories/21437 http://secunia.com/advisories/21467 http://secunia.com/advisories/21880 http://secunia.com/advisories/22036 http://secunia.com/advisories/22296 http://secunia.com/advisories/22377 SGI Security Advisory: 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc SuSE Security Announcement: SUSE-SR:2006:020 (Google Search) http://www.novell.com/linux/security/advisories/2006_20_sr.html http://www.vupen.com/english/advisories/2006/3234 XForce ISS Database: ncompress-decompress-underflow(28315) https://exchange.xforce.ibmcloud.com/vulnerabilities/28315
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.