Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA21996] gzip Multiple Vulnerabilities

To: <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] FW: [SA21996] gzip Multiple Vulnerabilities
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Wed, 20 Sep 2006 16:59:15 +0400
Content-class: urn:content-classes:message
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: AcbcsPMwSx9RzKP7QqmKDqGrnQhRQAAA3CFg
Thread-topic: [SA21996] gzip Multiple Vulnerabilities

А вот и secunia откликнулась. Видно все считают, что в качестве библиотеки он 
нигде не используется


> ----------------------------------------------------------------------
> 
> TITLE:
> gzip Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA21996
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/21996/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> gzip 1.x
> http://secunia.com/product/4220/
> 
> DESCRIPTION:
> Tavis Ormandy has reported some vulnerabilities in gzip, which can be
> exploited by malicious people to cause a DoS (Denial of Service) and
> potentially compromise a vulnerable system.
> 
> 1) A boundary error within the "make_table()" function in unlzh.c can
> be used to modify certain stack data. This can be exploited to cause a
> DoS and potentially allows to execute arbitrary code by e.g. tricking
> a user or automated system into unpacking a specially crafted archive
> file.
> 
> 2) A buffer underflow exists within the "build_tree()" function in
> unpack.c, which can be exploited to cause a DoS and potentially
> allows to execute arbitrary code by e.g. tricking a user  or
> automated system into unpacking a specially crafted "pack" archive
> file.
> 
> 3) A buffer overflow within the "make_table()" function of gzip's LZH
> support can be exploited to cause a DoS and potentially to compromise
> a vulnerable system by e.g. tricking a user or automated system into
> unpacking an archive containing a specially crafted decoding table.
> 
> 4) A NULL pointer dereference within the "huft_build()" function and
> an infinite loop within the LZH handling can be exploited to cause a
> DoS by e.g. tricking a user or automated system into unpacking a
> specially crafted archive file.
> 
> The vulnerabilities have been reported in version 1.3.5. Other
> versions may also be affected.
> 
> SOLUTION:
> Do not unpack untrusted archive files.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Tavis Ormandy, Google Security Team
> 
> ORIGINAL ADVISORY:
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
> 
> OTHER REFERENCES:
> US-CERT VU#554780:
> http://www.kb.cert.org/vuls/id/554780
> 
> US-CERT VU#381508:
> http://www.kb.cert.org/vuls/id/381508
> 
> US-CERT VU#773548:
> http://www.kb.cert.org/vuls/id/773548
> 
> US-CERT VU#933712:
> http://www.kb.cert.org/vuls/id/933712
> 
> US-CERT VU#596848
> http://www.kb.cert.org/vuls/id/596848
>

Prev by Date: [security-alerts] Dr.Web 4.33 antivirus LHA long directory name heap overflow
Next by Date: [security-alerts] Fwd: Cisco Security Advisory: DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
Previous by thread: [security-alerts] Dr.Web 4.33 antivirus LHA long directory name heap overflow
Next by thread: [security-alerts] Fwd: Cisco Security Advisory: DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
Index(es):
- Date
- Thread