CVE-2006-4335 - Remote vulnerability in Gzip 1.3.5

CVSS: 7.5 (HIGH)
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."

Vulnerable Configurations

Part         Description  Count
Application  Gzip         1

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GZIP-2085.NASL
    description: This update fixes several security problems that can be exploited to compromise the system in conjunction with other programs while processing malformated archive files. (CVE-2006-4334 / CVE-2006-4335 / CVE-2006-4336 / CVE-2006-4337 / CVE-2006-4338)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29458
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29458
    title: SuSE 10 Security Update : gzip (ZYPP Patch Number 2085)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29458);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
    
      script_name(english:"SuSE 10 Security Update : gzip (ZYPP Patch Number 2085)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes several security problems that can be exploited to
    compromise the system in conjunction with other programs while
    processing malformated archive files. (CVE-2006-4334 / CVE-2006-4335 /
    CVE-2006-4336 / CVE-2006-4337 / CVE-2006-4338)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4334.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4335.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4336.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4337.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4338.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2085.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:0, reference:"gzip-1.3.5-159.5")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"gzip-1.3.5-159.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHCO_35587.NASL
    description: s700_800 11.11 Software Distributor Cumulative Patch : A potential security vulnerability has been identified with the version of GZIP delivered by HP-UX Software Distributor (SD). The vulnerability could be remotely exploited leading to a Denial of Service (DoS).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26120
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/26120
    title: HP-UX PHCO_35587 : HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS) (HPSBUX02195 SSRT061237 rev.1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHCO_35587. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26120);
      script_version("1.17");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_bugtraq_id(19488, 20042);
      script_xref(name:"HP", value:"emr_na-c00874667");
      script_xref(name:"HP", value:"HPSBUX02195");
      script_xref(name:"HP", value:"SSRT061237");
    
      script_name(english:"HP-UX PHCO_35587 : HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS) (HPSBUX02195 SSRT061237 rev.1)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.11 Software Distributor Cumulative Patch : 
    
    A potential security vulnerability has been identified with the
    version of GZIP delivered by HP-UX Software Distributor (SD). The
    vulnerability could be remotely exploited leading to a Denial of
    Service (DoS)."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00874667
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bb18571d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHCO_35587 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.11"))
    {
      exit(0, "The host is not affected since PHCO_35587 applies to a different OS release.");
    }
    
    patches = make_list("PHCO_35587", "PHCO_38226", "PHCO_41200");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0612.458")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GZIP-2084.NASL
    description: This update fixes several security problems that can be exploited to compromise the system in conjunction with other programs while processing malformated archive files. (CVE-2006-4334,CVE-2006-4335,CVE-2006-4336,CVE-2006-4337,CVE-2006-4338)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27261
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27261
    title: openSUSE 10 Security Update : gzip (gzip-2084)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update gzip-2084.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27261);
      script_version ("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337");
    
      script_name(english:"openSUSE 10 Security Update : gzip (gzip-2084)");
      script_summary(english:"Check for the gzip-2084 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes several security problems that can be exploited to
    compromise the system in conjunction with other programs while
    processing malformated archive files.
    (CVE-2006-4334,CVE-2006-4335,CVE-2006-4336,CVE-2006-4337,CVE
    
    -2006-4338)"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gzip package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"gzip-1.3.5-159.5") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gzip");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0667.NASL
    description: Updated gzip packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. (CVE-2006-4334, CVE-2006-4338) Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337) Users of gzip should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22442
    published: 2006-09-22
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22442
    title: RHEL 2.1 / 3 / 4 : gzip (RHSA-2006:0667)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0667. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22442);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_xref(name:"RHSA", value:"2006:0667");
    
      script_name(english:"RHEL 2.1 / 3 / 4 : gzip (RHSA-2006:0667)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gzip packages that fix several security issues are now
    available for Red Hat Enterprise Linux.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The gzip package contains the GNU gzip data compression program.
    
    Tavis Ormandy of the Google Security Team discovered two denial of
    service flaws in the way gzip expanded archive files. If a victim
    expanded a specially crafted archive, it could cause the gzip
    executable to hang or crash. (CVE-2006-4334, CVE-2006-4338)
    
    Tavis Ormandy of the Google Security Team discovered several code
    execution flaws in the way gzip expanded archive files. If a victim
    expanded a specially crafted archive, it could cause the gzip
    executable to crash or execute arbitrary code. (CVE-2006-4335,
    CVE-2006-4336, CVE-2006-4337)
    
    Users of gzip should upgrade to these updated packages, which contain
    a backported patch and is not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4334"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4337"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0667"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gzip package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0667";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"gzip-1.3-19.rhel2")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"gzip-1.3.3-13.rhel3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"gzip-1.3.3-16.rhel4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gzip");
      }
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200609-13.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200609-13 (gzip: Multiple vulnerabilities). Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a pathological data stream may result in the modification of stack data such as frame pointer, return address or saved registers. A static buffer underflow was discovered in the pack decompression support, allowing a specially crafted pack archive to underflow a .bss buffer. A static buffer overflow was uncovered in the LZH decompression code, allowing a data stream consisting of pathological Huffman codes to overflow a .bss buffer. Multiple infinite loops were also uncovered in the LZH decompression code. Impact: A remote attacker may create a specially crafted gzip archive, which when decompressed by a user or automated system executes arbitrary code with the privileges of the user id invoking gzip. The infinite loops may be abused by an attacker to disrupt any automated systems invoking gzip to handle data decompression. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22457
    published: 2006-09-27
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22457
    title: GLSA-200609-13 : gzip: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200609-13.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22457);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_xref(name:"GLSA", value:"200609-13");
    
      script_name(english:"GLSA-200609-13 : gzip: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200609-13
    (gzip: Multiple vulnerabilities)
    
        Tavis Ormandy of the Google Security Team has reported multiple
        vulnerabilities in gzip. A stack buffer modification vulnerability was
        discovered in the LZH decompression code, where a pathological data
        stream may result in the modification of stack data such as frame
        pointer, return address or saved registers. A static buffer underflow
        was discovered in the pack decompression support, allowing a specially
        crafted pack archive to underflow a .bss buffer. A static buffer
        overflow was uncovered in the LZH decompression code, allowing a data
        stream consisting of pathological huffman codes to overflow a .bss
        buffer. Multiple infinite loops were also uncovered in the LZH
        decompression code.
      
    Impact :
    
        A remote attacker may create a specially crafted gzip archive, which
        when decompressed by a user or automated system exectues arbitrary code
        with the privileges of the user id invoking gzip. The infinite loops
        may be abused by an attacker to disrupt any automated systems invoking
        gzip to handle data decompression.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200609-13"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All gzip users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-arch/gzip-1.3.5-r9'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/27");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-arch/gzip", unaffected:make_list("ge 1.3.5-r9"), vulnerable:make_list("lt 1.3.5-r9"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gzip");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-557.NASL
    description: - Thu May 31 2007 Tomas Smetana <tsmetana at redhat.com> - 1.14i-20 - fix #220596 CVE-2006-4335/7/8 multiple vulnerabilities in lha. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25380
    published: 2007-06-04
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25380
    title: Fedora Core 5 : lha-1.14i-20 (2007-557)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-557.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25380);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      script_xref(name:"FEDORA", value:"2007-557");
    
      script_name(english:"Fedora Core 5 : lha-1.14i-20 (2007-557)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Thu May 31 2007 Tomas Smetana <tsmetana at redhat.com> -
        1.14i-20
    
        - fix #220596 CVE-2006-4335/7/8 multiple vulnerabilities
          in lha
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001772.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6de2992d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected lha and / or lha-debuginfo packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lha");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lha-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/05/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC5", reference:"lha-1.14i-20")) flag++;
    if (rpm_check(release:"FC5", reference:"lha-debuginfo-1.14i-20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lha / lha-debuginfo");
    }
    
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2006-262-01.NASL
    description: New gzip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix possible security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22421
    published: 2006-09-22
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22421
    title: Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : gzip (SSA:2006-262-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2006-262-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22421);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2005-0758", "CVE-2005-0988", "CVE-2005-1228", "CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_xref(name:"SSA", value:"2006-262-01");
    
      script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : gzip (SSA:2006-262-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New gzip packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
    10.1, 10.2, and -current to fix possible security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?366c264f"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gzip package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"8.1", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i386", pkgnum:"1_slack8.1")) flag++;
    
    if (slackware_check(osver:"9.0", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i386", pkgnum:"1_slack9.0")) flag++;
    
    if (slackware_check(osver:"9.1", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1_slack9.1")) flag++;
    
    if (slackware_check(osver:"10.0", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1_slack10.0")) flag++;
    
    if (slackware_check(osver:"10.1", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++;
    
    if (slackware_check(osver:"10.2", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_11A840928F9F11DBAB33000E0C2E438A.NASL
    description: Problem Description: Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact: The insufficient bounds checks in buffer use can cause gzip to crash, and may permit the execution of arbitrary code. The NULL pointer dereference can cause gzip to crash. The infinite loop can cause a Denial-of-Service situation where gzip uses all available CPU time. Workaround: No workaround is available.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25437
    published: 2007-06-07
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25437
    title: FreeBSD : gzip -- multiple vulnerabilities (11a84092-8f9f-11db-ab33-000e0c2e438a)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25437);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_xref(name:"FreeBSD", value:"SA-06:21.gzip");
    
      script_name(english:"FreeBSD : gzip -- multiple vulnerabilities (11a84092-8f9f-11db-ab33-000e0c2e438a)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Problem Description Multiple programming errors have been found in
    gzip which can be triggered when gzip is decompressing files. These
    errors include insufficient bounds checks in buffer use, a NULL
    pointer dereference, and a potential infinite loop. Impact The
    insufficient bounds checks in buffer use can cause gzip to crash, and
    may permit the execution of arbitrary code. The NULL pointer deference
    can cause gzip to crash. The infinite loop can cause a
    Denial-of-Service situation where gzip uses all available CPU time.
    Workaround No workaround is available."
      );
      # https://vuxml.freebsd.org/freebsd/11a84092-8f9f-11db-ab33-000e0c2e438a.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a46c290a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"gzip<1.3.12")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-167.NASL
    description: NULL Dereference (CVE-2006-4334) A stack modification vulnerability (where a stack buffer can be modified out of bounds, but not in the traditional stack overrun sense) exists in the LZH decompression support of gzip. (CVE-2006-4335) A .bss buffer underflow exists in gzip
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24553
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24553
    title: Mandrake Linux Security Advisory : gzip (MDKSA-2006:167)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0667.NASL
    description: Updated gzip packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. (CVE-2006-4334, CVE-2006-4338) Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337) Users of gzip should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22422
    published: 2006-09-22
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22422
    title: CentOS 3 / 4 : gzip (CESA-2006:0667)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-989.NASL
    description: - Wed Sep 20 2006 Ivana Varekova <varekova at redhat.com> 1.3.5-7.fc5 - fix bug 204676 (patches by Tavis Ormandy) - CVE-2006-4334 - null dereference problem - CVE-2006-4335 - buffer overflow problem - CVE-2006-4336 - buffer underflow problem - CVE-2006-4338 - infinite loop problem - CVE-2006-4337 - buffer overflow problem Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24183
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24183
    title: Fedora Core 5 : gzip-1.3.5-7.fc5 (2006-989)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1181.NASL
    description: Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4334 A NULL pointer dereference may lead to denial of service if gzip is used in an automated manner. - CVE-2006-4335 Missing boundary checks may lead to stack modification, allowing execution of arbitrary code. - CVE-2006-4336 A buffer underflow in the pack support code may lead to execution of arbitrary code. - CVE-2006-4337 A buffer underflow in the LZH support code may lead to execution of arbitrary code. - CVE-2006-4338 An infinite loop may lead to denial of service if gzip is used in an automated manner.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22723
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22723
    title: Debian DSA-1181-1 : gzip - several vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200611-24.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200611-24 (LHa: Multiple vulnerabilities) Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the LZH decompression component used by LHa. The make_table function of unlzh.c contains an array index error and a buffer overflow vulnerability. The build_tree function of unpack.c contains a buffer underflow vulnerability. Additionally, unlzh.c contains a code that could run in an infinite loop. Impact : By enticing a user to uncompress a specially crafted archive, a remote attacker could cause a Denial of Service by CPU consumption or execute arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 23746
    published: 2006-11-30
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/23746
    title: GLSA-200611-24 : LHa: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_11220.NASL
    description: Several security issues with gzip have been found that can be exploited to compromise the system in conjunction with other programs while processing malformed archive files. The vulnerabilities have been tracked by Mitre CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337 and CVE-2006-4338.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41099
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41099
    title: SuSE9 Security Update : gzip (YOU Patch Number 11220)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-349-1.NASL
    description: Tavis Ormandy discovered that gzip did not sufficiently verify the validity of gzip or compress archives while unpacking. By tricking a user or automated system into unpacking a specially crafted compressed file, this could be exploited to execute arbitrary code with the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27929
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27929
    title: Ubuntu 5.04 / 5.10 / 6.06 LTS : gzip vulnerabilities (USN-349-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2006-0667.NASL
    description: From Red Hat Security Advisory 2006:0667 : Updated gzip packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. (CVE-2006-4334, CVE-2006-4338) Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337) Users of gzip should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67408
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67408
    title: Oracle Linux 3 / 4 : gzip (ELSA-2006-0667)

Oval

accepted: 2013-04-29T04:05:15.938-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
family: unix
id: oval:org.mitre.oval:def:10391
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
version: 26

Redhat

advisories
rhsa
id: RHSA-2006:0667
rpms
  • gzip-0:1.3.3-13.rhel3
  • gzip-0:1.3.3-16.rhel4
  • gzip-debuginfo-0:1.3.3-13.rhel3
  • gzip-debuginfo-0:1.3.3-16.rhel4

Seebug

bulletinFamily: exploit
description: Apple Mac OS X is a BSD-based operating system. Apple Mac OS X has multiple security issues; remote and local attackers can exploit them for malicious code execution, denial of service, privilege escalation, file overwriting, obtaining sensitive information, and other attacks. The specific issues are as follows: AirPort-CVE-ID: CVE-2006-5710: The AirPort wireless driver incorrectly handles response frames, which can lead to a heap-based overflow. ATS-CVE-ID: CVE-2006-4396: Apple Type Services creates error logs insecurely, which can lead to arbitrary file overwrite. ATS-CVE-ID: CVE-2006-4398: Apple Type Services has multiple buffer overflows, which can lead to arbitrary code execution with elevated privileges. ATS-CVE-ID: CVE-2006-4400: A specially crafted font file can lead to arbitrary code execution. CFNetwork-CVE-ID: CVE-2006-4401: Enticing a user to visit a malicious ftp URI can lead to arbitrary ftp command execution. ClamAV-CVE-ID: CVE-2006-4182: A malicious email message can cause ClamAV to execute arbitrary code. Finder-CVE-ID: CVE-2006-4402: Browsing a shared directory can lead to an application crash or arbitrary code execution. ftpd-CVE-ID: CVE-2006-4403: When ftp access is enabled, unauthorized users can determine valid account names. gnuzip-CVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338: gunzip has multiple issues handling compressed files, which can lead to an application crash or arbitrary instruction execution. Installer-CVE-ID: CVE-2006-4404: When software is installed as an admin user, system privileges may be used without authorization. OpenSSL-CVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343: OpenSSL has multiple security issues that can lead to arbitrary code execution or disclosure of sensitive information. perl-CVE-ID: CVE-2005-3962: Unsafe string handling can cause Perl applications to execute arbitrary code. PHP-CVE-ID: CVE-2006-1490, CVE-2006-1990: PHP applications have multiple issues that can lead to denial of service or arbitrary code execution. PHP-CVE-ID: CVE-2006-5465: The PHP htmlentities() and htmlspecialchars() functions have a buffer overflow, which can lead to arbitrary code execution. PPP-CVE-ID: CVE-2006-4406: Using PPPoE on an untrusted local network can lead to arbitrary code execution. Samba-CVE-ID: CVE-2006-3403: When Windows sharing is in use, remote attackers can cause a denial of service. Security Framework-CVE-ID: CVE-2006-4407: An insecure transport method can result in the most secure cipher not being negotiated. Security Framework-CVE-ID: CVE-2006-4408: Processing X.509 certificates can lead to denial of service. Security Framework-CVE-ID: CVE-2006-4409: When an http proxy is used, certificate revocation lists cannot be retrieved. Security Framework-CVE-ID: CVE-2006-4410: Some certificates are erroneously authorized. VPN-CVE-ID: CVE-2006-4411: A malicious local user can obtain system privileges. WebKit-CVE-ID: CVE-2006-4412: Enticing a user to browse a malicious web page can execute arbitrary code. Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 http://docs.info.apple.com/article.html?artnum=304829
id: SSV:623
last seen: 2017-11-19
modified: 2006-11-29
published: 2006-11-29
reporter: Root
title: Apple Mac OS X 2006-007 has multiple security vulnerabilities

Statements

contributor: Mark J Cox
lastmodified: 2007-03-14
organization: Red Hat
statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References