Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
gzip
(Unknown)
Описание
Переполнение буфера в функции build_tree в файле unpack.c в gzip позволяет злоумышленникам выполнить произвольный код, используя специально сформированную таблицу, чтобы записать отрицательное значение индекса.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.gzip.org/
http://www.gzip.org/
Ссылки
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
REDHAT (RHSA-2006:0667): http://www.redhat.com/support/errata/RHSA-2006-0667.html
UBUNTU (USN-349-1): http://www.ubuntu.com/usn/usn-349-1
DEBIAN (DSA-1181): http://www.us.debian.org/security/2006/dsa-1181
FREEBSD (FreeBSD-SA-06:21): http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
SLACKWARE (SSA:2006-262): http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
MANDRIVA (MDKSA-2006:167): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:167
CERT-VN (VN#554780): http://www.kb.cert.org/vuls/id/554780
FRSIRT (ADV-2006-3695): http://www.frsirt.com/english/advisories/2006/3695
XF (gzip-unpack-buffer-underflow(29042)): http://xforce.iss.net/xforce/xfdb/29042
GENTOO (GLSA-200609-13): http://security.gentoo.org/glsa/glsa-200609-13.xml
OPENPKG (OpenPKG-SA-2006.020): http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
SUSE (SUSE-SA:2006:056): http://www.novell.com/linux/security/advisories/2006_56_gzip.html
TRUSTIX (2006-0052): http://www.trustix.org/errata/2006/0052/
SECTRACK (1016883): http://securitytracker.com/id?1016883
http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm
HP (HPSBTU02168): http://www.securityfocus.com/archive/1/archive/1/450078/100/0/threaded
SGI (20061001-01-P): ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
BID (20101): http://www.securityfocus.com/bid/20101
FRSIRT (ADV-2006-4275): http://www.frsirt.com/english/advisories/2006/4275
http://docs.info.apple.com/article.html?artnum=304829
APPLE (APPLE-SA-2006-11-28): http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
GENTOO (GLSA-200611-24): http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml
CERT (TA06-333A): http://www.us-cert.gov/cas/techalerts/TA06-333A.html
FRSIRT (ADV-2006-4750): http://www.frsirt.com/english/advisories/2006/4750
FRSIRT (ADV-2006-4760): http://www.frsirt.com/english/advisories/2006/4760
SUNALERT (102766): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
FRSIRT (ADV-2007-0092): http://www.frsirt.com/english/advisories/2007/0092
BUGTRAQ (20060919 rPSA-2006-0170-1 gzip): http://www.securityfocus.com/archive/1/archive/1/446426/100/0/threaded
https://issues.rpath.com/browse/RPL-615
FEDORA (FLSA:211760): http://www.securityfocus.com/archive/1/archive/1/451324/100/0/threaded
HP (HPSBUX02195): http://www.securityfocus.com/archive/1/archive/1/462007/100/0/threaded
FRSIRT (ADV-2007-0832): http://www.frsirt.com/english/advisories/2007/0832
BUGTRAQ (20070330 VMSA-2007-0002 VMware ESX security updates): http://www.securityfocus.com/archive/1/archive/1/464268/100/0/threaded
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
FRSIRT (ADV-2007-1171): http://www.frsirt.com/english/advisories/2007/1171
REDHAT (RHSA-2006:0667): http://www.redhat.com/support/errata/RHSA-2006-0667.html
UBUNTU (USN-349-1): http://www.ubuntu.com/usn/usn-349-1
DEBIAN (DSA-1181): http://www.us.debian.org/security/2006/dsa-1181
FREEBSD (FreeBSD-SA-06:21): http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
SLACKWARE (SSA:2006-262): http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
MANDRIVA (MDKSA-2006:167): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:167
CERT-VN (VN#554780): http://www.kb.cert.org/vuls/id/554780
FRSIRT (ADV-2006-3695): http://www.frsirt.com/english/advisories/2006/3695
XF (gzip-unpack-buffer-underflow(29042)): http://xforce.iss.net/xforce/xfdb/29042
GENTOO (GLSA-200609-13): http://security.gentoo.org/glsa/glsa-200609-13.xml
OPENPKG (OpenPKG-SA-2006.020): http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
SUSE (SUSE-SA:2006:056): http://www.novell.com/linux/security/advisories/2006_56_gzip.html
TRUSTIX (2006-0052): http://www.trustix.org/errata/2006/0052/
SECTRACK (1016883): http://securitytracker.com/id?1016883
http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm
HP (HPSBTU02168): http://www.securityfocus.com/archive/1/archive/1/450078/100/0/threaded
SGI (20061001-01-P): ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
BID (20101): http://www.securityfocus.com/bid/20101
FRSIRT (ADV-2006-4275): http://www.frsirt.com/english/advisories/2006/4275
http://docs.info.apple.com/article.html?artnum=304829
APPLE (APPLE-SA-2006-11-28): http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
GENTOO (GLSA-200611-24): http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml
CERT (TA06-333A): http://www.us-cert.gov/cas/techalerts/TA06-333A.html
FRSIRT (ADV-2006-4750): http://www.frsirt.com/english/advisories/2006/4750
FRSIRT (ADV-2006-4760): http://www.frsirt.com/english/advisories/2006/4760
SUNALERT (102766): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
FRSIRT (ADV-2007-0092): http://www.frsirt.com/english/advisories/2007/0092
BUGTRAQ (20060919 rPSA-2006-0170-1 gzip): http://www.securityfocus.com/archive/1/archive/1/446426/100/0/threaded
https://issues.rpath.com/browse/RPL-615
FEDORA (FLSA:211760): http://www.securityfocus.com/archive/1/archive/1/451324/100/0/threaded
HP (HPSBUX02195): http://www.securityfocus.com/archive/1/archive/1/462007/100/0/threaded
FRSIRT (ADV-2007-0832): http://www.frsirt.com/english/advisories/2007/0832
BUGTRAQ (20070330 VMSA-2007-0002 VMware ESX security updates): http://www.securityfocus.com/archive/1/archive/1/464268/100/0/threaded
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
FRSIRT (ADV-2007-1171): http://www.frsirt.com/english/advisories/2007/1171
