Vulnerabilities > CVE-2001-1413 - Unspecified vulnerability in Ncompress
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200410-08.NASL description The remote host is affected by the vulnerability described in GLSA-200410-08 (ncompress: Buffer overflow) compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow. Impact : By supplying a carefully crafted filename or other option, an attacker could execute arbitrary code on the system. A local attacker could only execute code with his own rights, but since compress and uncompress are called by various daemon programs, this might also allow a remote attacker to execute code with the rights of the daemon making use of ncompress. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 15446 published 2004-10-09 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15446 title GLSA-200410-08 : ncompress: Buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200410-08. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(15446); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2001-1413"); script_xref(name:"CERT", value:"176363"); script_xref(name:"GLSA", value:"200410-08"); script_name(english:"GLSA-200410-08 : ncompress: Buffer overflow"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200410-08 (ncompress: Buffer overflow) compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow. Impact : By supplying a carefully crafted filename or other option, an attacker could execute arbitrary code on the system. A local attacker could only execute code with his own rights, but since compress and uncompress are called by various daemon programs, this might also allow a remote attacker to execute code with the rights of the daemon making use of ncompress. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200410-08" ); script_set_attribute( attribute:"solution", value: "All ncompress users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-arch/ncompress-4.2.4-r1' # emerge '>=app-arch/ncompress-4.2.4-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ncompress"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/09"); script_set_attribute(attribute:"vuln_publication_date", value:"2001/11/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-arch/ncompress", unaffected:make_list("ge 4.2.4-r1"), vulnerable:make_list("le 4.2.4"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ncompress"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-536.NASL description An updated ncompress package that fixes a buffer overflow and problem in the handling of files larger than 2 GB is now available. The ncompress package contains the compress and uncompress file compression and decompression utilities, which are compatible with the original UNIX compress utility (.Z file extensions). A bug in the way ncompress handles long filenames has been discovered. ncompress versions 4.2.4 and earlier contain a stack based buffer overflow when handling very long filenames. It is possible that an attacker could execute arbitrary code on a victims machine by tricking the user into decompressing a carefully crafted filename. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2001-1413 to this issue. This updated ncompress package also fixes a problem in the handling of files larger than 2 GB. All users of ncompress should upgrade to this updated package, which contains fixes for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15959 published 2004-12-14 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15959 title RHEL 2.1 : ncompress (RHSA-2004:536) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:536. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(15959); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2001-1413"); script_xref(name:"CERT", value:"176363"); script_xref(name:"RHSA", value:"2004:536"); script_name(english:"RHEL 2.1 : ncompress (RHSA-2004:536)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated ncompress package that fixes a buffer overflow and problem in the handling of files larger than 2 GB is now available. The ncompress package contains the compress and uncompress file compression and decompression utilities, which are compatible with the original UNIX compress utility (.Z file extensions). A bug in the way ncompress handles long filenames has been discovered. ncompress versions 4.2.4 and earlier contain a stack based buffer overflow when handling very long filenames. It is possible that an attacker could execute arbitrary code on a victims machine by tricking the user into decompressing a carefully crafted filename. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2001-1413 to this issue. This updated ncompress package also fixes a problem in the handling of files larger than 2 GB. All users of ncompress should upgrade to this updated package, which contains fixes for these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2001-1413" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:536" ); script_set_attribute( attribute:"solution", value:"Update the affected ncompress package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ncompress"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/23"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:536"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ncompress-4.2.4-37")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ncompress"); } }
Redhat
advisories |
|