
Test ID: 1.3.6.1.4.1.25623.1.0.57393
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-349-1 (gzip)
Summary: NOSUMMARY
Description:

The remote host is missing an update to gzip
announced via advisory USN-349-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Tavis Ormandy discovered that gzip did not sufficiently verify the
validity of gzip or compress archives while unpacking. By tricking a
user or automated system into unpacking a specially crafted compressed
file, this could be exploited to execute arbitrary code with the
user's privileges.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
gzip 1.3.5-9ubuntu3.5

Ubuntu 5.10:
gzip 1.3.5-11ubuntu2.1

Ubuntu 6.06 LTS:
gzip 1.3.5-12ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-349-1

Risk factor : High

CVSS Score:
7.5

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-4334
1016883
http://securitytracker.com/id?1016883
102766
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
2006-0052
http://www.trustix.org/errata/2006/0052/
20060919 rPSA-2006-0170-1 gzip
http://www.securityfocus.com/archive/1/446426/100/0/threaded
20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
20070330 VMSA-2007-0002 VMware ESX security updates
http://www.securityfocus.com/archive/1/464268/100/0/threaded
20101
http://www.securityfocus.com/bid/20101
21996
http://secunia.com/advisories/21996
22002
http://secunia.com/advisories/22002
22009
http://secunia.com/advisories/22009
22012
http://secunia.com/advisories/22012
22017
http://secunia.com/advisories/22017
22027
http://secunia.com/advisories/22027
22033
http://secunia.com/advisories/22033
22034
http://secunia.com/advisories/22034
22043
http://secunia.com/advisories/22043
22085
http://secunia.com/advisories/22085
22101
http://secunia.com/advisories/22101
22435
http://secunia.com/advisories/22435
22487
http://secunia.com/advisories/22487
22661
http://secunia.com/advisories/22661
23155
http://secunia.com/advisories/23155
23679
http://secunia.com/advisories/23679
24435
http://secunia.com/advisories/24435
24636
http://secunia.com/advisories/24636
ADV-2006-4275
http://www.vupen.com/english/advisories/2006/4275
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
ADV-2007-0092
http://www.vupen.com/english/advisories/2007/0092
ADV-2007-0832
http://www.vupen.com/english/advisories/2007/0832
ADV-2007-1171
http://www.vupen.com/english/advisories/2007/1171
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
DSA-1181
http://www.us.debian.org/security/2006/dsa-1181
FLSA:211760
http://www.securityfocus.com/archive/1/451324/100/0/threaded
FreeBSD-SA-06:21
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
GLSA-200609-13
http://security.gentoo.org/glsa/glsa-200609-13.xml
HPSBTU02168
http://www.securityfocus.com/archive/1/450078/100/0/threaded
HPSBUX02195
http://www.securityfocus.com/archive/1/462007/100/0/threaded
MDKSA-2006:167
http://www.mandriva.com/security/advisories?name=MDKSA-2006:167
OpenPKG-SA-2006.020
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
RHSA-2006:0667
http://www.redhat.com/support/errata/RHSA-2006-0667.html
SSA:2006-262
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
SSRT061237
SUSE-SA:2006:056
http://www.novell.com/linux/security/advisories/2006_56_gzip.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-349-1
http://www.ubuntu.com/usn/usn-349-1
VU#933712
http://www.kb.cert.org/vuls/id/933712
gzip-huftbuild-code-execution(29038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29038
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
https://issues.rpath.com/browse/RPL-615
oval:org.mitre.oval:def:10527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527
Common Vulnerability Exposure (CVE) ID: CVE-2006-4335
23153
http://secunia.com/advisories/23153
23156
http://secunia.com/advisories/23156
ADV-2006-3695
http://www.vupen.com/english/advisories/2006/3695
ADV-2006-4760
http://www.vupen.com/english/advisories/2006/4760
GLSA-200611-24
http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml
VU#381508
http://www.kb.cert.org/vuls/id/381508
gzip-lzh-array-code-execution(29040)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29040
oval:org.mitre.oval:def:10391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10391
Common Vulnerability Exposure (CVE) ID: CVE-2006-4336
VU#554780
http://www.kb.cert.org/vuls/id/554780
gzip-unpack-buffer-underflow(29042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29042
oval:org.mitre.oval:def:10140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10140
Common Vulnerability Exposure (CVE) ID: CVE-2006-4337
oval:org.mitre.oval:def:11212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11212
Common Vulnerability Exposure (CVE) ID: CVE-2006-4338
29008
http://www.osvdb.org/29008
gzip-lhz-dos(29046)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29046
oval:org.mitre.oval:def:11290
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11290
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
