Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA21996] gzip Multiple Vulnerabilities



And now Secunia has responded as well. Apparently everyone assumes that it is not
used as a library anywhere.


> ----------------------------------------------------------------------
> 
> TITLE:
> gzip Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA21996
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/21996/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> gzip 1.x
> http://secunia.com/product/4220/
> 
> DESCRIPTION:
> Tavis Ormandy has reported some vulnerabilities in gzip, which can be
> exploited by malicious people to cause a DoS (Denial of Service) and
> potentially compromise a vulnerable system.
> 
> 1) A boundary error within the "make_table()" function in unlzh.c can
> be used to modify certain stack data. This can be exploited to cause a
> DoS and potentially allows to execute arbitrary code by e.g. tricking
> a user or automated system into unpacking a specially crafted archive
> file.
> 
> 2) A buffer underflow exists within the "build_tree()" function in
> unpack.c, which can be exploited to cause a DoS and potentially
> allows to execute arbitrary code by e.g. tricking a user or
> automated system into unpacking a specially crafted "pack" archive
> file.
> 
> 3) A buffer overflow within the "make_table()" function of gzip's LZH
> support can be exploited to cause a DoS and potentially to compromise
> a vulnerable system by e.g. tricking a user or automated system into
> unpacking an archive containing a specially crafted decoding table.
> 
> 4) A NULL pointer dereference within the "huft_build()" function and
> an infinite loop within the LZH handling can be exploited to cause a
> DoS by e.g. tricking a user or automated system into unpacking a
> specially crafted archive file.
> 
> The vulnerabilities have been reported in version 1.3.5. Other
> versions may also be affected.
> 
> SOLUTION:
> Do not unpack untrusted archive files.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Tavis Ormandy, Google Security Team
> 
> ORIGINAL ADVISORY:
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
> 
> OTHER REFERENCES:
> US-CERT VU#554780:
> http://www.kb.cert.org/vuls/id/554780
> 
> US-CERT VU#381508:
> http://www.kb.cert.org/vuls/id/381508
> 
> US-CERT VU#773548:
> http://www.kb.cert.org/vuls/id/773548
> 
> US-CERT VU#933712:
> http://www.kb.cert.org/vuls/id/933712
> 
> US-CERT VU#596848:
> http://www.kb.cert.org/vuls/id/596848
> 
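
For automated systems that cannot simply follow "Do not unpack untrusted archive files", one way to reduce exposure is to check the two-byte magic before handing a file to gzip and to refuse the legacy pack and LZH formats handled by unpack.c and unlzh.c (items 1 to 3 and the LZH loop in item 4). This is an added example, not part of the advisory or of gzip; the magic values are those defined in gzip's gzip.h, the function names and the allow-only-gzip policy are assumptions, and it does not address the huft_build() issue, which sits in the ordinary deflate path.

```c
/* Added example: magic-byte pre-filter placed in front of gzip in an
 * automated unpacking pipeline. Function names and policy are hypothetical. */
#include <stddef.h>
#include <stdio.h>

enum gz_format { FMT_UNKNOWN, FMT_GZIP, FMT_OLD_GZIP, FMT_PACK, FMT_LZH, FMT_LZW };

/* Classify a stream by the two-byte magic that gzip dispatches on. */
enum gz_format classify_magic(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len < 2 || buf[0] != 0x1f)
        return FMT_UNKNOWN;          /* too short, or not a gzip-family file */
    switch (buf[1]) {
    case 0x8b: return FMT_GZIP;      /* "\037\213" deflate (inflate.c)      */
    case 0x9e: return FMT_OLD_GZIP;  /* "\037\236" gzip 0.5                 */
    case 0x1e: return FMT_PACK;      /* "\037\036" pack (unpack.c)          */
    case 0xa0: return FMT_LZH;       /* "\037\240" SCO LZH (unlzh.c)        */
    case 0x9d: return FMT_LZW;       /* "\037\235" compress (LZW)           */
    default:   return FMT_UNKNOWN;
    }
}

/* Assumed policy: only current gzip streams are passed on; pack, LZH,
 * LZW, old gzip and unrecognised input are rejected before gzip runs. */
int allow_for_unpack(const unsigned char *buf, size_t len)
{
    return classify_magic(buf, len) == FMT_GZIP;
}

int main(void)
{
    /* Constructed sample headers, not real archives. */
    static const unsigned char samples[][4] = {
        {0x1f, 0x8b, 0x08, 0x00},    /* gzip */
        {0x1f, 0x1e, 0x00, 0x00},    /* pack */
        {0x1f, 0xa0, 0x00, 0x00},    /* LZH  */
        {0x50, 0x4b, 0x03, 0x04},    /* not gzip-family */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: format=%d allow=%d\n", i,
               (int)classify_magic(samples[i], sizeof samples[i]),
               allow_for_unpack(samples[i], sizeof samples[i]));
    return 0;
}
```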



 




Copyright © Lexa Software, 1996-2009.