English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75516 CVE descriptions
and 39786 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57393
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-349-1 (gzip)
Summary:Ubuntu USN-349-1 (gzip)
Description:
The remote host is missing an update to gzip
announced via advisory USN-349-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Tavis Ormandy discovered that gzip did not sufficiently verify the
validity of gzip or compress archives while unpacking. By tricking an
user or automated system into unpacking a specially crafted compressed
file, this could be exploited to execute arbitrary code with the
user's privileges.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
gzip 1.3.5-9ubuntu3.5

Ubuntu 5.10:
gzip 1.3.5-11ubuntu2.1

Ubuntu 6.06 LTS:
gzip 1.3.5-12ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-349-1

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4334
Bugtraq: 20060919 rPSA-2006-0170-1 gzip (Google Search)
http://www.securityfocus.com/archive/1/archive/1/446426/100/0/threaded
Bugtraq: 20070330 VMSA-2007-0002 VMware ESX security updates (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464268/100/0/threaded
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
Debian Security Information: DSA-1181 (Google Search)
http://www.us.debian.org/security/2006/dsa-1181
http://www.securityfocus.com/archive/1/archive/1/451324/100/0/threaded
FreeBSD Security Advisory: FreeBSD-SA-06:21
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
http://security.gentoo.org/glsa/glsa-200609-13.xml
HPdes Security Advisory: HPSBTU02168
http://www.securityfocus.com/archive/1/archive/1/450078/100/0/threaded
HPdes Security Advisory: SSRT061237
HPdes Security Advisory: HPSBUX02195
http://www.securityfocus.com/archive/1/archive/1/462007/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:167
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
http://www.redhat.com/support/errata/RHSA-2006-0667.html
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
SuSE Security Announcement: SUSE-SA:2006:056 (Google Search)
http://www.novell.com/linux/security/advisories/2006_56_gzip.html
http://www.trustix.org/errata/2006/0052/
http://www.ubuntu.com/usn/usn-349-1
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CERT/CC vulnerability note: VU#933712
http://www.kb.cert.org/vuls/id/933712
BugTraq ID: 20101
http://www.securityfocus.com/bid/20101
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10527
http://www.vupen.com/english/advisories/2006/4275
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2007/0092
http://www.vupen.com/english/advisories/2007/0832
http://www.vupen.com/english/advisories/2007/1171
http://securitytracker.com/id?1016883
http://secunia.com/advisories/22002
http://secunia.com/advisories/22009
http://secunia.com/advisories/22017
http://secunia.com/advisories/22033
http://secunia.com/advisories/22034
http://secunia.com/advisories/22012
http://secunia.com/advisories/22043
http://secunia.com/advisories/22085
http://secunia.com/advisories/22101
http://secunia.com/advisories/22027
http://secunia.com/advisories/22435
http://secunia.com/advisories/22661
http://secunia.com/advisories/22487
http://secunia.com/advisories/23155
http://secunia.com/advisories/21996
http://secunia.com/advisories/23679
http://secunia.com/advisories/24435
http://secunia.com/advisories/24636
XForce ISS Database: gzip-huftbuild-code-execution(29038)
http://xforce.iss.net/xforce/xfdb/29038
Common Vulnerability Exposure (CVE) ID: CVE-2006-4335
http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml
CERT/CC vulnerability note: VN#381508
http://www.kb.cert.org/vuls/id/381508
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10391
http://www.vupen.com/english/advisories/2006/3695
http://www.vupen.com/english/advisories/2006/4760
http://secunia.com/advisories/23153
http://secunia.com/advisories/23156
XForce ISS Database: gzip-lzh-array-code-execution(29040)
http://xforce.iss.net/xforce/xfdb/29040
Common Vulnerability Exposure (CVE) ID: CVE-2006-4336
CERT/CC vulnerability note: VN#554780
http://www.kb.cert.org/vuls/id/554780
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10140
XForce ISS Database: gzip-unpack-buffer-underflow(29042)
http://xforce.iss.net/xforce/xfdb/29042
Common Vulnerability Exposure (CVE) ID: CVE-2006-4337
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11212
Common Vulnerability Exposure (CVE) ID: CVE-2006-4338
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11290
http://www.osvdb.org/29008
XForce ISS Database: gzip-lhz-dos(29046)
http://xforce.iss.net/xforce/xfdb/29046
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 39786 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.