Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by ncompress
CVE-2006-1168 (GCVE-0-2006-1168)
Vulnerability from nvd – Published: 2006-08-14 20:00 – Updated: 2024-08-07 17:03
VLAI
Summary
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
25 references
Date Public
2006-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21437"
},
{
"name": "ncompress-decompress-underflow(28315)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28315"
},
{
"name": "GLSA-200610-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-03.xml"
},
{
"name": "SUSE-SR:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "MDKSA-2006:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:140"
},
{
"name": "22296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22296"
},
{
"name": "oval:org.mitre.oval:def:9373",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373"
},
{
"name": "19455",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19455"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.avaya.com/css/P8/documents/100158840"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=141728"
},
{
"name": "21434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21434"
},
{
"name": "DSA-1149",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1149"
},
{
"name": "21467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21467"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm"
},
{
"name": "20060901-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "RHSA-2006:0663",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0663.html"
},
{
"name": "ADV-2006-3234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3234"
},
{
"name": "RHSA-2012:0810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0810.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=728536"
},
{
"name": "22377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22377"
},
{
"name": "21427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21427"
},
{
"name": "1016836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016836"
},
{
"name": "22036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22036"
},
{
"name": "21880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21880"
},
{
"name": "MDVSA-2012:129",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "bc94ec7e-8909-4cbb-83df-d2fc9330fa88",
"shortName": "sgi"
},
"references": [
{
"name": "21437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21437"
},
{
"name": "ncompress-decompress-underflow(28315)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28315"
},
{
"name": "GLSA-200610-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-03.xml"
},
{
"name": "SUSE-SR:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "MDKSA-2006:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:140"
},
{
"name": "22296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22296"
},
{
"name": "oval:org.mitre.oval:def:9373",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373"
},
{
"name": "19455",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19455"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.avaya.com/css/P8/documents/100158840"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=141728"
},
{
"name": "21434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21434"
},
{
"name": "DSA-1149",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1149"
},
{
"name": "21467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21467"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm"
},
{
"name": "20060901-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "RHSA-2006:0663",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0663.html"
},
{
"name": "ADV-2006-3234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3234"
},
{
"name": "RHSA-2012:0810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0810.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=728536"
},
{
"name": "22377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22377"
},
{
"name": "21427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21427"
},
{
"name": "1016836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016836"
},
{
"name": "22036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22036"
},
{
"name": "21880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21880"
},
{
"name": "MDVSA-2012:129",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-info@sgi.com",
"ID": "CVE-2006-1168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21437"
},
{
"name": "ncompress-decompress-underflow(28315)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28315"
},
{
"name": "GLSA-200610-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-03.xml"
},
{
"name": "SUSE-SR:2006:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "MDKSA-2006:140",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:140"
},
{
"name": "22296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22296"
},
{
"name": "oval:org.mitre.oval:def:9373",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373"
},
{
"name": "19455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19455"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100158840",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100158840"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=141728",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=141728"
},
{
"name": "21434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21434"
},
{
"name": "DSA-1149",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1149"
},
{
"name": "21467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21467"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm"
},
{
"name": "20060901-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "RHSA-2006:0663",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0663.html"
},
{
"name": "ADV-2006-3234",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3234"
},
{
"name": "RHSA-2012:0810",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0810.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=728536",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=728536"
},
{
"name": "22377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22377"
},
{
"name": "21427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21427"
},
{
"name": "1016836",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016836"
},
{
"name": "22036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22036"
},
{
"name": "21880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21880"
},
{
"name": "MDVSA-2012:129",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bc94ec7e-8909-4cbb-83df-d2fc9330fa88",
"assignerShortName": "sgi",
"cveId": "CVE-2006-1168",
"datePublished": "2006-08-14T20:00:00.000Z",
"dateReserved": "2006-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:28.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2991 (GCVE-0-2005-2991)
Vulnerability from nvd – Published: 2005-09-20 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/12 | third-party-advisoryx_refsource_SREASON |
| http://marc.info/?l=full-disclosure&m=11268809863… | mailing-listx_refsource_FULLDISC |
| http://marc.info/?l=bugtraq&m=112689772732098&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.zataz.net/adviso/ncompress-09052005.txt | x_refsource_MISC |
Date Public
2005-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/12"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=112688098630314\u0026w=2"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112689772732098\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zataz.net/adviso/ncompress-09052005.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "12",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/12"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=112688098630314\u0026w=2"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112689772732098\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zataz.net/adviso/ncompress-09052005.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/12"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=112688098630314\u0026w=2"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112689772732098\u0026w=2"
},
{
"name": "http://www.zataz.net/adviso/ncompress-09052005.txt",
"refsource": "MISC",
"url": "http://www.zataz.net/adviso/ncompress-09052005.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2991",
"datePublished": "2005-09-20T04:00:00.000Z",
"dateReserved": "2005-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1413 (GCVE-0-2001-1413)
Vulnerability from nvd – Published: 2004-10-20 04:00 – Updated: 2024-08-08 04:51
VLAI
Summary
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200410-08.xml | vendor-advisoryx_refsource_GENTOO |
| http://seclists.org/lists/vuln-dev/2001/Nov/0202.html | mailing-listx_refsource_VULN-DEV |
| http://www.redhat.com/support/errata/RHSA-2004-536.html | vendor-advisoryx_refsource_REDHAT |
| http://www.kb.cert.org/vuls/id/176363 | third-party-advisoryx_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2001-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200410-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-08.xml"
},
{
"name": "20010621 New bugs, old bugs",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://seclists.org/lists/vuln-dev/2001/Nov/0202.html"
},
{
"name": "RHSA-2004:536",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-536.html"
},
{
"name": "VU#176363",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/176363"
},
{
"name": "ncompress-filename-bo(10619)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200410-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-08.xml"
},
{
"name": "20010621 New bugs, old bugs",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://seclists.org/lists/vuln-dev/2001/Nov/0202.html"
},
{
"name": "RHSA-2004:536",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-536.html"
},
{
"name": "VU#176363",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/176363"
},
{
"name": "ncompress-filename-bo(10619)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200410-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200410-08.xml"
},
{
"name": "20010621 New bugs, old bugs",
"refsource": "VULN-DEV",
"url": "http://seclists.org/lists/vuln-dev/2001/Nov/0202.html"
},
{
"name": "RHSA-2004:536",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-536.html"
},
{
"name": "VU#176363",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/176363"
},
{
"name": "ncompress-filename-bo(10619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1413",
"datePublished": "2004-10-20T04:00:00.000Z",
"dateReserved": "2004-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1168 (GCVE-0-2006-1168)
Vulnerability from cvelistv5 – Published: 2006-08-14 20:00 – Updated: 2024-08-07 17:03
VLAI
Summary
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
25 references
Date Public
2006-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21437"
},
{
"name": "ncompress-decompress-underflow(28315)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28315"
},
{
"name": "GLSA-200610-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-03.xml"
},
{
"name": "SUSE-SR:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "MDKSA-2006:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:140"
},
{
"name": "22296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22296"
},
{
"name": "oval:org.mitre.oval:def:9373",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373"
},
{
"name": "19455",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19455"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.avaya.com/css/P8/documents/100158840"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=141728"
},
{
"name": "21434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21434"
},
{
"name": "DSA-1149",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1149"
},
{
"name": "21467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21467"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm"
},
{
"name": "20060901-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "RHSA-2006:0663",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0663.html"
},
{
"name": "ADV-2006-3234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3234"
},
{
"name": "RHSA-2012:0810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0810.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=728536"
},
{
"name": "22377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22377"
},
{
"name": "21427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21427"
},
{
"name": "1016836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016836"
},
{
"name": "22036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22036"
},
{
"name": "21880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21880"
},
{
"name": "MDVSA-2012:129",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "bc94ec7e-8909-4cbb-83df-d2fc9330fa88",
"shortName": "sgi"
},
"references": [
{
"name": "21437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21437"
},
{
"name": "ncompress-decompress-underflow(28315)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28315"
},
{
"name": "GLSA-200610-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-03.xml"
},
{
"name": "SUSE-SR:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "MDKSA-2006:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:140"
},
{
"name": "22296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22296"
},
{
"name": "oval:org.mitre.oval:def:9373",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373"
},
{
"name": "19455",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19455"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.avaya.com/css/P8/documents/100158840"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=141728"
},
{
"name": "21434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21434"
},
{
"name": "DSA-1149",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1149"
},
{
"name": "21467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21467"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm"
},
{
"name": "20060901-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "RHSA-2006:0663",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0663.html"
},
{
"name": "ADV-2006-3234",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3234"
},
{
"name": "RHSA-2012:0810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0810.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=728536"
},
{
"name": "22377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22377"
},
{
"name": "21427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21427"
},
{
"name": "1016836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016836"
},
{
"name": "22036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22036"
},
{
"name": "21880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21880"
},
{
"name": "MDVSA-2012:129",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-info@sgi.com",
"ID": "CVE-2006-1168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21437"
},
{
"name": "ncompress-decompress-underflow(28315)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28315"
},
{
"name": "GLSA-200610-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-03.xml"
},
{
"name": "SUSE-SR:2006:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "MDKSA-2006:140",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:140"
},
{
"name": "22296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22296"
},
{
"name": "oval:org.mitre.oval:def:9373",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373"
},
{
"name": "19455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19455"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100158840",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100158840"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=141728",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=141728"
},
{
"name": "21434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21434"
},
{
"name": "DSA-1149",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1149"
},
{
"name": "21467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21467"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm"
},
{
"name": "20060901-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "RHSA-2006:0663",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0663.html"
},
{
"name": "ADV-2006-3234",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3234"
},
{
"name": "RHSA-2012:0810",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0810.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=728536",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=728536"
},
{
"name": "22377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22377"
},
{
"name": "21427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21427"
},
{
"name": "1016836",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016836"
},
{
"name": "22036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22036"
},
{
"name": "21880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21880"
},
{
"name": "MDVSA-2012:129",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bc94ec7e-8909-4cbb-83df-d2fc9330fa88",
"assignerShortName": "sgi",
"cveId": "CVE-2006-1168",
"datePublished": "2006-08-14T20:00:00.000Z",
"dateReserved": "2006-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:28.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2991 (GCVE-0-2005-2991)
Vulnerability from cvelistv5 – Published: 2005-09-20 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/12 | third-party-advisoryx_refsource_SREASON |
| http://marc.info/?l=full-disclosure&m=11268809863… | mailing-listx_refsource_FULLDISC |
| http://marc.info/?l=bugtraq&m=112689772732098&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.zataz.net/adviso/ncompress-09052005.txt | x_refsource_MISC |
Date Public
2005-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/12"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=112688098630314\u0026w=2"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112689772732098\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zataz.net/adviso/ncompress-09052005.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "12",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/12"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=112688098630314\u0026w=2"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112689772732098\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zataz.net/adviso/ncompress-09052005.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/12"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=112688098630314\u0026w=2"
},
{
"name": "20050916 ncompress insecure temporary file creation",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112689772732098\u0026w=2"
},
{
"name": "http://www.zataz.net/adviso/ncompress-09052005.txt",
"refsource": "MISC",
"url": "http://www.zataz.net/adviso/ncompress-09052005.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2991",
"datePublished": "2005-09-20T04:00:00.000Z",
"dateReserved": "2005-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1413 (GCVE-0-2001-1413)
Vulnerability from cvelistv5 – Published: 2004-10-20 04:00 – Updated: 2024-08-08 04:51
VLAI
Summary
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200410-08.xml | vendor-advisoryx_refsource_GENTOO |
| http://seclists.org/lists/vuln-dev/2001/Nov/0202.html | mailing-listx_refsource_VULN-DEV |
| http://www.redhat.com/support/errata/RHSA-2004-536.html | vendor-advisoryx_refsource_REDHAT |
| http://www.kb.cert.org/vuls/id/176363 | third-party-advisoryx_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2001-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200410-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-08.xml"
},
{
"name": "20010621 New bugs, old bugs",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://seclists.org/lists/vuln-dev/2001/Nov/0202.html"
},
{
"name": "RHSA-2004:536",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-536.html"
},
{
"name": "VU#176363",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/176363"
},
{
"name": "ncompress-filename-bo(10619)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200410-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200410-08.xml"
},
{
"name": "20010621 New bugs, old bugs",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://seclists.org/lists/vuln-dev/2001/Nov/0202.html"
},
{
"name": "RHSA-2004:536",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-536.html"
},
{
"name": "VU#176363",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/176363"
},
{
"name": "ncompress-filename-bo(10619)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200410-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200410-08.xml"
},
{
"name": "20010621 New bugs, old bugs",
"refsource": "VULN-DEV",
"url": "http://seclists.org/lists/vuln-dev/2001/Nov/0202.html"
},
{
"name": "RHSA-2004:536",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-536.html"
},
{
"name": "VU#176363",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/176363"
},
{
"name": "ncompress-filename-bo(10619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1413",
"datePublished": "2004-10-20T04:00:00.000Z",
"dateReserved": "2004-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:51:08.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}