English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.57726
Categoría:FreeBSD Local Security Checks
Título:FreeBSD Ports: gzip
Resumen:The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: gzip

CVE-2006-4334
Unspecified vulnerability in gzip 1.3.5 allows context-dependent
attackers to cause a denial of service (crash) via a crafted GZIP (gz)
archive, which results in a NULL dereference.

CVE-2006-4335
Array index error in the make_table function in unlzh.c in the LZH
decompression component in gzip 1.3.5, when running on certain
platforms, allows context-dependent attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a crafted GZIP
archive that triggers an out-of-bounds write, aka a 'stack
modification vulnerability.'

CVE-2006-4336
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows
context-dependent attackers to execute arbitrary code via a crafted leaf
count table that causes a write to a negative index.

CVE-2006-4337
Buffer overflow in the make_table function in the LHZ component in
gzip 1.3.5 allows context-dependent attackers to execute arbitrary
code via a crafted decoding table in a GZIP archive.

CVE-2006-4338
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent
attackers to cause a denial of service (infinite loop) via a crafted
GZIP archive.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-4334
1016883
http://securitytracker.com/id?1016883
102766
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
2006-0052
http://www.trustix.org/errata/2006/0052/
20060919 rPSA-2006-0170-1 gzip
http://www.securityfocus.com/archive/1/446426/100/0/threaded
20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
20070330 VMSA-2007-0002 VMware ESX security updates
http://www.securityfocus.com/archive/1/464268/100/0/threaded
20101
http://www.securityfocus.com/bid/20101
21996
http://secunia.com/advisories/21996
22002
http://secunia.com/advisories/22002
22009
http://secunia.com/advisories/22009
22012
http://secunia.com/advisories/22012
22017
http://secunia.com/advisories/22017
22027
http://secunia.com/advisories/22027
22033
http://secunia.com/advisories/22033
22034
http://secunia.com/advisories/22034
22043
http://secunia.com/advisories/22043
22085
http://secunia.com/advisories/22085
22101
http://secunia.com/advisories/22101
22435
http://secunia.com/advisories/22435
22487
http://secunia.com/advisories/22487
22661
http://secunia.com/advisories/22661
23155
http://secunia.com/advisories/23155
23679
http://secunia.com/advisories/23679
24435
http://secunia.com/advisories/24435
24636
http://secunia.com/advisories/24636
ADV-2006-4275
http://www.vupen.com/english/advisories/2006/4275
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
ADV-2007-0092
http://www.vupen.com/english/advisories/2007/0092
ADV-2007-0832
http://www.vupen.com/english/advisories/2007/0832
ADV-2007-1171
http://www.vupen.com/english/advisories/2007/1171
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
DSA-1181
http://www.us.debian.org/security/2006/dsa-1181
FLSA:211760
http://www.securityfocus.com/archive/1/451324/100/0/threaded
FreeBSD-SA-06:21
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
GLSA-200609-13
http://security.gentoo.org/glsa/glsa-200609-13.xml
HPSBTU02168
http://www.securityfocus.com/archive/1/450078/100/0/threaded
HPSBUX02195
http://www.securityfocus.com/archive/1/462007/100/0/threaded
MDKSA-2006:167
http://www.mandriva.com/security/advisories?name=MDKSA-2006:167
OpenPKG-SA-2006.020
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
RHSA-2006:0667
http://www.redhat.com/support/errata/RHSA-2006-0667.html
SSA:2006-262
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
SSRT061237
SUSE-SA:2006:056
http://www.novell.com/linux/security/advisories/2006_56_gzip.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-349-1
http://www.ubuntu.com/usn/usn-349-1
VU#933712
http://www.kb.cert.org/vuls/id/933712
gzip-huftbuild-code-execution(29038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29038
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
https://issues.rpath.com/browse/RPL-615
oval:org.mitre.oval:def:10527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527
Common Vulnerability Exposure (CVE) ID: CVE-2006-4335
23153
http://secunia.com/advisories/23153
23156
http://secunia.com/advisories/23156
ADV-2006-3695
http://www.vupen.com/english/advisories/2006/3695
ADV-2006-4760
http://www.vupen.com/english/advisories/2006/4760
GLSA-200611-24
http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml
VU#381508
http://www.kb.cert.org/vuls/id/381508
gzip-lzh-array-code-execution(29040)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29040
oval:org.mitre.oval:def:10391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10391
Common Vulnerability Exposure (CVE) ID: CVE-2006-4336
VU#554780
http://www.kb.cert.org/vuls/id/554780
gzip-unpack-buffer-underflow(29042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29042
oval:org.mitre.oval:def:10140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10140
Common Vulnerability Exposure (CVE) ID: CVE-2006-4337
oval:org.mitre.oval:def:11212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11212
Common Vulnerability Exposure (CVE) ID: CVE-2006-4338
29008
http://www.osvdb.org/29008
gzip-lhz-dos(29046)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29046
oval:org.mitre.oval:def:11290
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11290
CopyrightCopyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.