English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.1.1.2006.1181
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-1181-1)
Summary:The remote host is missing an update for the Debian 'gzip' package(s) announced via the DSA-1181-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'gzip' package(s) announced via the DSA-1181-1 advisory.

Vulnerability Insight:
Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4334

A null pointer dereference may lead to denial of service if gzip is used in an automated manner.

CVE-2006-4335

Missing boundary checks may lead to stack modification, allowing execution of arbitrary code.

CVE-2006-4336

A buffer underflow in the pack support code may lead to execution of arbitrary code.

CVE-2006-4337

A buffer underflow in the LZH support code may lead to execution of arbitrary code.

CVE-2006-4338

An infinite loop may lead to denial of service if gzip is used in an automated manner.

For the stable distribution (sarge) these problems have been fixed in version 1.3.5-10sarge2.

For the unstable distribution (sid) these problems have been fixed in version 1.3.5-15.

We recommend that you upgrade your gzip package.

Affected Software/OS:
'gzip' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4334
1016883
http://securitytracker.com/id?1016883
102766
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
2006-0052
http://www.trustix.org/errata/2006/0052/
20060919 rPSA-2006-0170-1 gzip
http://www.securityfocus.com/archive/1/446426/100/0/threaded
20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
20070330 VMSA-2007-0002 VMware ESX security updates
http://www.securityfocus.com/archive/1/464268/100/0/threaded
20101
http://www.securityfocus.com/bid/20101
21996
http://secunia.com/advisories/21996
22002
http://secunia.com/advisories/22002
22009
http://secunia.com/advisories/22009
22012
http://secunia.com/advisories/22012
22017
http://secunia.com/advisories/22017
22027
http://secunia.com/advisories/22027
22033
http://secunia.com/advisories/22033
22034
http://secunia.com/advisories/22034
22043
http://secunia.com/advisories/22043
22085
http://secunia.com/advisories/22085
22101
http://secunia.com/advisories/22101
22435
http://secunia.com/advisories/22435
22487
http://secunia.com/advisories/22487
22661
http://secunia.com/advisories/22661
23155
http://secunia.com/advisories/23155
23679
http://secunia.com/advisories/23679
24435
http://secunia.com/advisories/24435
24636
http://secunia.com/advisories/24636
ADV-2006-4275
http://www.vupen.com/english/advisories/2006/4275
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
ADV-2007-0092
http://www.vupen.com/english/advisories/2007/0092
ADV-2007-0832
http://www.vupen.com/english/advisories/2007/0832
ADV-2007-1171
http://www.vupen.com/english/advisories/2007/1171
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
DSA-1181
http://www.us.debian.org/security/2006/dsa-1181
FLSA:211760
http://www.securityfocus.com/archive/1/451324/100/0/threaded
FreeBSD-SA-06:21
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
GLSA-200609-13
http://security.gentoo.org/glsa/glsa-200609-13.xml
HPSBTU02168
http://www.securityfocus.com/archive/1/450078/100/0/threaded
HPSBUX02195
http://www.securityfocus.com/archive/1/462007/100/0/threaded
MDKSA-2006:167
http://www.mandriva.com/security/advisories?name=MDKSA-2006:167
OpenPKG-SA-2006.020
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
RHSA-2006:0667
http://www.redhat.com/support/errata/RHSA-2006-0667.html
SSA:2006-262
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
SSRT061237
SUSE-SA:2006:056
http://www.novell.com/linux/security/advisories/2006_56_gzip.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-349-1
http://www.ubuntu.com/usn/usn-349-1
VU#933712
http://www.kb.cert.org/vuls/id/933712
gzip-huftbuild-code-execution(29038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29038
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
https://issues.rpath.com/browse/RPL-615
oval:org.mitre.oval:def:10527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527
Common Vulnerability Exposure (CVE) ID: CVE-2006-4335
23153
http://secunia.com/advisories/23153
23156
http://secunia.com/advisories/23156
ADV-2006-3695
http://www.vupen.com/english/advisories/2006/3695
ADV-2006-4760
http://www.vupen.com/english/advisories/2006/4760
GLSA-200611-24
http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml
VU#381508
http://www.kb.cert.org/vuls/id/381508
gzip-lzh-array-code-execution(29040)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29040
oval:org.mitre.oval:def:10391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10391
Common Vulnerability Exposure (CVE) ID: CVE-2006-4336
VU#554780
http://www.kb.cert.org/vuls/id/554780
gzip-unpack-buffer-underflow(29042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29042
oval:org.mitre.oval:def:10140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10140
Common Vulnerability Exposure (CVE) ID: CVE-2006-4337
oval:org.mitre.oval:def:11212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11212
Common Vulnerability Exposure (CVE) ID: CVE-2006-4338
29008
http://www.osvdb.org/29008
gzip-lhz-dos(29046)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29046
oval:org.mitre.oval:def:11290
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11290
CopyrightCopyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.