ID CVE-2010-0001
Summary Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
References
Vulnerable Configurations
  • GNU Gzip 1.3.11
    cpe:2.3:a:gnu:gzip:1.3.11
  • GNU Gzip 1.3.10
    cpe:2.3:a:gnu:gzip:1.3.10
  • GNU Gzip 1.3
    cpe:2.3:a:gnu:gzip:1.3
  • cpe:2.3:a:gnu:gzip:1.3.9
    cpe:2.3:a:gnu:gzip:1.3.9
  • GNU Gzip 1.3.8
    cpe:2.3:a:gnu:gzip:1.3.8
  • GNU Gzip 1.3.7
    cpe:2.3:a:gnu:gzip:1.3.7
  • GNU Gzip 1.3.6
    cpe:2.3:a:gnu:gzip:1.3.6
  • GNU Gzip 1.3.5
    cpe:2.3:a:gnu:gzip:1.3.5
  • GNU Gzip 1.3.4
    cpe:2.3:a:gnu:gzip:1.3.4
  • GNU Gzip 1.3.3
    cpe:2.3:a:gnu:gzip:1.3.3
  • cpe:2.3:a:gnu:gzip:1.3.2
    cpe:2.3:a:gnu:gzip:1.3.2
  • cpe:2.3:a:gnu:gzip:1.3.12
    cpe:2.3:a:gnu:gzip:1.3.12
  • cpe:2.3:a:gnu:gzip:1.3.13
    cpe:2.3:a:gnu:gzip:1.3.13
  • cpe:2.3:a:gnu:gzip:1.3.1
    cpe:2.3:a:gnu:gzip:1.3.1
  • GNU Gzip 1.2.4
    cpe:2.3:a:gnu:gzip:1.2.4
  • GNU Gzip 1.2.4a
    cpe:2.3:a:gnu:gzip:1.2.4a
CVSS
Base: 6.8 (as of 31-01-2010 - 20:09)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GZIP-100120.NASL
    description The following bugs have been fixed : - Specially crafted gzip archives could lead to gzip allocating a too small huffman table. Attackers could exploit that to crash gzip (CVE-2009-2624). Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44312
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44312
    title SuSE 11 Security Update : gzip (SAT Patch Number 1839)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-0964.NASL
    description This update fixes CVE-2009-2624 and CVE-2010-0001 vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47203
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47203
    title Fedora 11 : gzip-1.3.12-10.fc11 (2010-0964)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_GZIP-100120.NASL
    description Specially crafted gzip archives could lead to gzip allocating a too small huffman table. Attackers could exploit that to crash gzip (CVE-2009-2624). Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44308
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44308
    title openSUSE Security Update : gzip (gzip-1838)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_GZIP-100120.NASL
    description Specially crafted gzip archives could lead to gzip allocating a too small huffman table. Attackers could exploit that to crash gzip (CVE-2009-2624). Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44306
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44306
    title openSUSE Security Update : gzip (gzip-1838)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0061.NASL
    description An updated gzip package that fixes one security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package provides the GNU gzip data compression program. An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems. (CVE-2010-0001) Red Hat would like to thank Aki Helin of the Oulu University Secure Programming Group for responsibly reporting this flaw. Users of gzip should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44104
    published 2010-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44104
    title RHEL 3 / 4 / 5 : gzip (RHSA-2010:0061)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_5.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 50548
    published 2010-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50548
    title Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2010-060-03.NASL
    description New gzip packages are available for Slackware 13.0 (64-bit) and -current to fix a security issue.
    last seen 2018-09-01
    modified 2014-12-22
    plugin id 44947
    published 2010-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44947
    title Slackware 13.0 / current : gzip (SSA:2010-060-03)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0061.NASL
    description An updated gzip package that fixes one security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package provides the GNU gzip data compression program. An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems. (CVE-2010-0001) Red Hat would like to thank Aki Helin of the Oulu University Secure Programming Group for responsibly reporting this flaw. Users of gzip should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44098
    published 2010-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44098
    title CentOS 3 / 4 / 5 : gzip (CESA-2010:0061)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-0884.NASL
    description This update fixes CVE-2009-2624 and CVE-2010-0001 vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47201
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47201
    title Fedora 12 : gzip-1.3.12-14.fc12 (2010-0884)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GZIP-6792.NASL
    description The following bug has been fixed : Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 44313
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44313
    title SuSE 10 Security Update : gzip (ZYPP Patch Number 6792)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_GZIP-100120.NASL
    description Specially crafted gzip archives could lead to gzip allocating a too small huffman table. Attackers could exploit that to crash gzip (CVE-2009-2624). Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44310
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44310
    title openSUSE Security Update : gzip (gzip-1838)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0061.NASL
    description From Red Hat Security Advisory 2010:0061 : An updated gzip package that fixes one security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package provides the GNU gzip data compression program. An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems. (CVE-2010-0001) Red Hat would like to thank Aki Helin of the Oulu University Secure Programming Group for responsibly reporting this flaw. Users of gzip should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67990
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67990
    title Oracle Linux 3 / 4 / 5 : gzip (ELSA-2010-0061)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-889-1.NASL
    description It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2624) Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel-Ziv-Welch (LZW) algorithm. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0001). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44107
    published 2010-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44107
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : gzip vulnerabilities (USN-889-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2074.NASL
    description Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47792
    published 2010-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47792
    title Debian DSA-2074-1 : ncompress - integer underflow
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100120_GZIP_ON_SL3_X.NASL
    description CVE-2010-0001 gzip: (64 bit) Integer underflow by decompressing LZW format files An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems. (CVE-2010-0001)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60727
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60727
    title Scientific Linux Security Update : gzip on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GZIP-6793.NASL
    description The following bug has been fixed : Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 49857
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49857
    title SuSE 10 Security Update : gzip (ZYPP Patch Number 6793)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12573.NASL
    description The following bug has been fixed : - Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code. (CVE-2010-0001) Only 64bit architectures are affected by this flaw.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 44304
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44304
    title SuSE9 Security Update : gzip (YOU Patch Number 12573)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-020.NASL
    description Multiple vulnerabilities has been found and corrected in gzip : A missing input sanitation flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially crafted gzip compressed data archive, which once opened by a local, unsuspecting user would lead to denial of service (gzip crash) or, potentially, to arbitrary code execution with the privileges of the user running gzip (CVE-2009-2624). An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip (CVE-2010-0001). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 44101
    published 2010-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44101
    title Mandriva Linux Security Advisory : gzip (MDVSA-2010:020)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1974.NASL
    description Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version. - CVE-2010-0001 Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44839
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44839
    title Debian DSA-1974-1 : gzip - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 79961
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79961
    title GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - libpng - VMnc Codec - vmrun - VMware Remote Console (VMrc) - VMware Tools - vmware-authd
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89740
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89740
    title VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009.NASL
    description a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. b. ESXi userworld update for ntp The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. c. Service Console package openssl updated to 0.9.8e-12.el5_4.1 OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. 
A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue. A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue. This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues. d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue. The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. 
In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue. e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet. A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue. A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue. A vulnerability was found in the way that bind handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue. NOTE: ESX does not use the BIND name service daemon by default. f. Service Console package gcc updated to 3.2.3-60 The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. 
The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue. g. Service Console package gzip update to 1.3.3-15.rhel3 gzip is a software application used for file compression An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue. h. Service Console package sudo updated to 1.6.9p17-6.el5_4 Sudo (su 'do') allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue. When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 46765
    published 2010-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46765
    title VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-152.NASL
    description A vulnerability has been found and corrected in ncompress : An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip (CVE-2010-0001). The updated packages have been upgraded to the 4.2.4.4 version which is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 56530
    published 2011-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56530
    title Mandriva Linux Security Advisory : ncompress (MDVSA-2011:152)
oval via4
  • accepted 2013-04-29T04:06:35.723-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
    family unix
    id oval:org.mitre.oval:def:10546
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
    version 24
  • accepted 2014-01-20T04:01:35.357-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    • comment VMware ESX Server 4.0 is installed
      oval oval:org.mitre.oval:def:6293
    description Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
    family unix
    id oval:org.mitre.oval:def:7511
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title gzip Integer Overflow Vulnerability
    version 8
redhat via4
advisories
  • bugzilla
    id 554418
    title CVE-2010-0001 gzip: (64 bit) Integer underflow by decompressing LZW format files
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • comment gzip is earlier than 0:1.3.3-15.rhel3
        oval oval:com.redhat.rhsa:tst:20100061002
      • comment gzip is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20100061003
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • comment gzip is earlier than 0:1.3.3-18.el4_8.1
        oval oval:com.redhat.rhsa:tst:20100061005
      • comment gzip is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20100061003
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • comment gzip is earlier than 0:1.3.5-11.el5_4.1
        oval oval:com.redhat.rhsa:tst:20100061007
      • comment gzip is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20100061008
    rhsa
    id RHSA-2010:0061
    released 2010-01-20
    severity Moderate
    title RHSA-2010:0061: gzip security update (Moderate)
  • rhsa
    id RHSA-2010:0095
rpms
  • gzip-0:1.3.3-15.rhel3
  • gzip-0:1.3.3-18.el4_8.1
  • gzip-0:1.3.5-11.el5_4.1
refmap via4
apple APPLE-SA-2010-11-10-1
confirm
debian
  • DSA-1974
  • DSA-2074
hp
  • HPSBMA02554
  • SSRT100018
mandriva
  • MDVSA-2010:019
  • MDVSA-2010:020
  • MDVSA-2011:152
osvdb 61869
sectrack 1023490
secunia
  • 38220
  • 38223
  • 38225
  • 38232
  • 40551
  • 40655
  • 40689
suse SUSE-SA:2010:008
ubuntu USN-889-1
vupen
  • ADV-2010-0185
  • ADV-2010-1796
  • ADV-2010-1872
Last major update 07-12-2016 - 22:01
Published 29-01-2010 - 13:30
Last modified 18-09-2017 - 21:30