Vulnerabilities > CVE-2006-4336 - Unspecified vulnerability in Gzip 1.3.5

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gzip
nessus

Summary

Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.

Vulnerable Configurations

Part Description Count
Application
Gzip
1

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_GZIP-2085.NASL
    descriptionThis update fixes several security problems that can be exploited to compromise the system in conjunction with other programs while processing malformated archive files. (CVE-2006-4334 / CVE-2006-4335 / CVE-2006-4336 / CVE-2006-4337 / CVE-2006-4338)
    last seen2020-06-01
    modified2020-06-02
    plugin id29458
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29458
    titleSuSE 10 Security Update : gzip (ZYPP Patch Number 2085)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29458);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
    
      script_name(english:"SuSE 10 Security Update : gzip (ZYPP Patch Number 2085)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes several security problems that can be exploited to
    compromise the system in conjunction with other programs while
    processing malformated archive files. (CVE-2006-4334 / CVE-2006-4335 /
    CVE-2006-4336 / CVE-2006-4337 / CVE-2006-4338)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4334.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4335.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4336.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4337.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4338.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2085.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:0, reference:"gzip-1.3.5-159.5")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"gzip-1.3.5-159.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHCO_35587.NASL
    descriptions700_800 11.11 Software Distributor Cumulative Patch : A potential security vulnerability has been identified with the version of GZIP delivered by HP-UX Software Distributor (SD). The vulnerability could be remotely exploited leading to a Denial of Service (DoS).
    last seen2020-06-01
    modified2020-06-02
    plugin id26120
    published2007-09-25
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26120
    titleHP-UX PHCO_35587 : HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS) (HPSBUX02195 SSRT061237 rev.1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHCO_35587. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26120);
      script_version("1.17");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_bugtraq_id(19488, 20042);
      script_xref(name:"HP", value:"emr_na-c00874667");
      script_xref(name:"HP", value:"HPSBUX02195");
      script_xref(name:"HP", value:"SSRT061237");
    
      script_name(english:"HP-UX PHCO_35587 : HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS) (HPSBUX02195 SSRT061237 rev.1)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.11 Software Distributor Cumulative Patch : 
    
    A potential security vulnerability has been identified with the
    version of GZIP delivered by HP-UX Software Distributor (SD). The
    vulnerability could be remotely exploited leading to a Denial of
    Service (DoS)."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00874667
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bb18571d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHCO_35587 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.11"))
    {
      exit(0, "The host is not affected since PHCO_35587 applies to a different OS release.");
    }
    
    patches = make_list("PHCO_35587", "PHCO_38226", "PHCO_41200");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.GZIP", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-AGENT", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-CMDS", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-ENG-A-MAN", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-FRE-I-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-GER-I-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-HELP", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-HELP", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MAN", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-E-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-HELP", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MAN", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-JPN-S-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-KOR-E-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-B-MSG", version:"B.11.11.0612.458")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0106")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0109")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0112")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0203")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0206")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0209")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0212")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0303")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0306")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0309")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0312")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0406")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0412")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0509.428")) flag++;
    if (hpux_check_patch(app:"SW-DIST.SD-TCH-H-MSG", version:"B.11.11.0612.458")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GZIP-2084.NASL
    descriptionThis update fixes several security problems that can be exploited to compromise the system in conjunction with other programs while processing malformated archive files. (CVE-2006-4334,CVE-2006-4335,CVE-2006-4336,CVE-2006-4337,CVE -2006-4338)
    last seen2020-06-01
    modified2020-06-02
    plugin id27261
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27261
    titleopenSUSE 10 Security Update : gzip (gzip-2084)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update gzip-2084.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27261);
      script_version ("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337");
    
      script_name(english:"openSUSE 10 Security Update : gzip (gzip-2084)");
      script_summary(english:"Check for the gzip-2084 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes several security problems that can be exploited to
    compromise the system in conjunction with other programs while
    processing malformated archive files.
    (CVE-2006-4334,CVE-2006-4335,CVE-2006-4336,CVE-2006-4337,CVE
    
    -2006-4338)"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gzip package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"gzip-1.3.5-159.5") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gzip");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0667.NASL
    descriptionUpdated gzip packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. (CVE-2006-4334, CVE-2006-4338) Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337) Users of gzip should upgrade to these updated packages, which contain a backported patch and is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id22442
    published2006-09-22
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22442
    titleRHEL 2.1 / 3 / 4 : gzip (RHSA-2006:0667)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0667. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22442);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_xref(name:"RHSA", value:"2006:0667");
    
      script_name(english:"RHEL 2.1 / 3 / 4 : gzip (RHSA-2006:0667)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gzip packages that fix several security issues are now
    available for Red Hat Enterprise Linux.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The gzip package contains the GNU gzip data compression program.
    
    Tavis Ormandy of the Google Security Team discovered two denial of
    service flaws in the way gzip expanded archive files. If a victim
    expanded a specially crafted archive, it could cause the gzip
    executable to hang or crash. (CVE-2006-4334, CVE-2006-4338)
    
    Tavis Ormandy of the Google Security Team discovered several code
    execution flaws in the way gzip expanded archive files. If a victim
    expanded a specially crafted archive, it could cause the gzip
    executable to crash or execute arbitrary code. (CVE-2006-4335,
    CVE-2006-4336, CVE-2006-4337)
    
    Users of gzip should upgrade to these updated packages, which contain
    a backported patch and is not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4334"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4337"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0667"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gzip package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0667";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"gzip-1.3-19.rhel2")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"gzip-1.3.3-13.rhel3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"gzip-1.3.3-16.rhel4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gzip");
      }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200609-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200609-13 (gzip: Multiple vulnerabilities) Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a pathological data stream may result in the modification of stack data such as frame pointer, return address or saved registers. A static buffer underflow was discovered in the pack decompression support, allowing a specially crafted pack archive to underflow a .bss buffer. A static buffer overflow was uncovered in the LZH decompression code, allowing a data stream consisting of pathological huffman codes to overflow a .bss buffer. Multiple infinite loops were also uncovered in the LZH decompression code. Impact : A remote attacker may create a specially crafted gzip archive, which when decompressed by a user or automated system exectues arbitrary code with the privileges of the user id invoking gzip. The infinite loops may be abused by an attacker to disrupt any automated systems invoking gzip to handle data decompression. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id22457
    published2006-09-27
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22457
    titleGLSA-200609-13 : gzip: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200609-13.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22457);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_xref(name:"GLSA", value:"200609-13");
    
      script_name(english:"GLSA-200609-13 : gzip: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200609-13
    (gzip: Multiple vulnerabilities)
    
        Tavis Ormandy of the Google Security Team has reported multiple
        vulnerabilities in gzip. A stack buffer modification vulnerability was
        discovered in the LZH decompression code, where a pathological data
        stream may result in the modification of stack data such as frame
        pointer, return address or saved registers. A static buffer underflow
        was discovered in the pack decompression support, allowing a specially
        crafted pack archive to underflow a .bss buffer. A static buffer
        overflow was uncovered in the LZH decompression code, allowing a data
        stream consisting of pathological huffman codes to overflow a .bss
        buffer. Multiple infinite loops were also uncovered in the LZH
        decompression code.
      
    Impact :
    
        A remote attacker may create a specially crafted gzip archive, which
        when decompressed by a user or automated system exectues arbitrary code
        with the privileges of the user id invoking gzip. The infinite loops
        may be abused by an attacker to disrupt any automated systems invoking
        gzip to handle data decompression.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200609-13"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All gzip users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-arch/gzip-1.3.5-r9'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/27");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-arch/gzip", unaffected:make_list("ge 1.3.5-r9"), vulnerable:make_list("lt 1.3.5-r9"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gzip");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2006-262-01.NASL
    descriptionNew gzip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix possible security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id22421
    published2006-09-22
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22421
    titleSlackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : gzip (SSA:2006-262-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2006-262-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22421);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2005-0758", "CVE-2005-0988", "CVE-2005-1228", "CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_xref(name:"SSA", value:"2006-262-01");
    
      script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : gzip (SSA:2006-262-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New gzip packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
    10.1, 10.2, and -current to fix possible security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?366c264f"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gzip package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"8.1", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i386", pkgnum:"1_slack8.1")) flag++;
    
    if (slackware_check(osver:"9.0", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i386", pkgnum:"1_slack9.0")) flag++;
    
    if (slackware_check(osver:"9.1", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1_slack9.1")) flag++;
    
    if (slackware_check(osver:"10.0", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1_slack10.0")) flag++;
    
    if (slackware_check(osver:"10.1", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++;
    
    if (slackware_check(osver:"10.2", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"gzip", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_11A840928F9F11DBAB33000E0C2E438A.NASL
    descriptionProblem Description Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact The insufficient bounds checks in buffer use can cause gzip to crash, and may permit the execution of arbitrary code. The NULL pointer deference can cause gzip to crash. The infinite loop can cause a Denial-of-Service situation where gzip uses all available CPU time. Workaround No workaround is available.
    last seen2020-06-01
    modified2020-06-02
    plugin id25437
    published2007-06-07
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25437
    titleFreeBSD : gzip -- multiple vulnerabilities (11a84092-8f9f-11db-ab33-000e0c2e438a)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25437);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2006-4334", "CVE-2006-4335", "CVE-2006-4336", "CVE-2006-4337", "CVE-2006-4338");
      script_xref(name:"FreeBSD", value:"SA-06:21.gzip");
    
      script_name(english:"FreeBSD : gzip -- multiple vulnerabilities (11a84092-8f9f-11db-ab33-000e0c2e438a)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Problem Description Multiple programming errors have been found in
    gzip which can be triggered when gzip is decompressing files. These
    errors include insufficient bounds checks in buffer use, a NULL
    pointer dereference, and a potential infinite loop. Impact The
    insufficient bounds checks in buffer use can cause gzip to crash, and
    may permit the execution of arbitrary code. The NULL pointer deference
    can cause gzip to crash. The infinite loop can cause a
    Denial-of-Service situation where gzip uses all available CPU time.
    Workaround No workaround is available."
      );
      # https://vuxml.freebsd.org/freebsd/11a84092-8f9f-11db-ab33-000e0c2e438a.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a46c290a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"gzip<1.3.12")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-167.NASL
    descriptionNULL Dereference (CVE-2006-4334) A stack modification vulnerability (where a stack buffer can be modified out of bounds, but not in the traditional stack overrun sense) exists in the LZH decompression support of gzip. (CVE-2006-4335) A .bss buffer underflow exists in gzip
    last seen2020-06-01
    modified2020-06-02
    plugin id24553
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24553
    titleMandrake Linux Security Advisory : gzip (MDKSA-2006:167)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0667.NASL
    descriptionUpdated gzip packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. (CVE-2006-4334, CVE-2006-4338) Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337) Users of gzip should upgrade to these updated packages, which contain a backported patch and is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id22422
    published2006-09-22
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22422
    titleCentOS 3 / 4 : gzip (CESA-2006:0667)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-989.NASL
    description - Wed Sep 20 2006 Ivana Varekova <varekova at redhat.com> 1.3.5-7.fc5 - fix bug 204676 (patches by Tavis Ormandy) - CVE-2006-4334 - null dereference problem - CVE-2006-4335 - buffer overflow problem - CVE-2006-4336 - buffer underflow problem - CVE-2006-4338 - infinite loop problem - CVE-2006-4337 - buffer overflow problem Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24183
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24183
    titleFedora Core 5 : gzip-1.3.5-7.fc5 (2006-989)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1181.NASL
    descriptionTavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4334 A NULL pointer dereference may lead to denial of service if gzip is used in an automated manner. - CVE-2006-4335 Missing boundary checks may lead to stack modification, allowing execution of arbitrary code. - CVE-2006-4336 A buffer underflow in the pack support code may lead to execution of arbitrary code. - CVE-2006-4337 A buffer underflow in the LZH support code may lead to execution of arbitrary code. - CVE-2006-4338 An infinite loop may lead to denial of service if gzip is used in an automated manner.
    last seen2020-06-01
    modified2020-06-02
    plugin id22723
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22723
    titleDebian DSA-1181-1 : gzip - several vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200611-24.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200611-24 (LHa: Multiple vulnerabilities) Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the LZH decompression component used by LHa. The make_table function of unlzh.c contains an array index error and a buffer overflow vulnerability. The build_tree function of unpack.c contains a buffer underflow vulnerability. Additionally, unlzh.c contains a code that could run in an infinite loop. Impact : By enticing a user to uncompress a specially crafted archive, a remote attacker could cause a Denial of Service by CPU consumption or execute arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id23746
    published2006-11-30
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23746
    titleGLSA-200611-24 : LHa: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_11220.NASL
    descriptionSeveral security issues with gzip have been found that can be exploited to compromise the system in conjunction with other programs while processing malformed archive files. The vulnerabilities have been tracked by Mitre CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337 and CVE-2006-4338.
    last seen2020-06-01
    modified2020-06-02
    plugin id41099
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41099
    titleSuSE9 Security Update : gzip (YOU Patch Number 11220)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-349-1.NASL
    descriptionTavis Ormandy discovered that gzip did not sufficiently verify the validity of gzip or compress archives while unpacking. By tricking an user or automated system into unpacking a specially crafted compressed file, this could be exploited to execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id27929
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27929
    titleUbuntu 5.04 / 5.10 / 6.06 LTS : gzip vulnerabilities (USN-349-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0667.NASL
    descriptionFrom Red Hat Security Advisory 2006:0667 : Updated gzip packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. (CVE-2006-4334, CVE-2006-4338) Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337) Users of gzip should upgrade to these updated packages, which contain a backported patch and is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67408
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67408
    titleOracle Linux 3 / 4 : gzip (ELSA-2006-0667)

Oval

accepted2013-04-29T04:02:09.660-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionBuffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
familyunix
idoval:org.mitre.oval:def:10140
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleBuffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
version26

Redhat

advisories
rhsa
idRHSA-2006:0667
rpms
  • gzip-0:1.3.3-13.rhel3
  • gzip-0:1.3.3-16.rhel4
  • gzip-debuginfo-0:1.3.3-13.rhel3
  • gzip-debuginfo-0:1.3.3-16.rhel4

Seebug

bulletinFamilyexploit
descriptionApple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X存在多个安全问题,远程和本地攻击者可以利用漏洞进行恶意代码执行,拒绝服务攻击,特权提升,覆盖文件,获得敏感信息等攻击。 具体问题如下: AirPort-CVE-ID: CVE-2006-5710: AirPort无线驱动不正确处理应答帧,可导致基于堆的溢出。 ATS-CVE-ID: CVE-2006-4396: Apple Type服务不安全建立错误日至可导致任意文件覆盖。 ATS-CVE-ID: CVE-2006-4398: Apple Type服务存在多个缓冲区溢出,可导致以高权限执行任意代码。 ATS-CVE-ID: CVE-2006-4400: 利用特殊的字体文件,可导致任意代码执行。 CFNetwork-CVE-ID: CVE-2006-4401: 通过诱使用户访问恶意ftp URI,可导致任意ftp命令执行。 ClamAV-CVE-ID: CVE-2006-4182: 恶意email消息可导致ClamAV执行任意代码。 Finder-CVE-ID: CVE-2006-4402: 通过浏览共享目录可导致应用程序崩溃或执行任意代码。 ftpd-CVE-ID: CVE-2006-4403: 当ftp访问启用时,未授权用户可判别合法的账户名。 gnuzip-CVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338: gunzip处理压缩文件存在多个问题,可导致应用程序崩溃或执行任意指令。 Installer-CVE-ID: CVE-2006-4404: 当以管理用户安装软件时,系统权限可能被未授权利用。 OpenSSL-CVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343: OpenSSL存在多个安全问题可导致任意代码执行或者获得敏感信息。 perl-CVE-ID: CVE-2005-3962: 不安全处理字符串,可导致Perl应用程序执行任意代码。 PHP-CVE-ID: CVE-2006-1490, CVE-2006-1990: Php应用程序存在多个问题,可导致拒绝服务或执行任意代码。 PHP-CVE-ID: CVE-2006-5465: PHP的htmlentities()和htmlspecialchars()函数存在缓冲区溢出,可导致任意代码执行。 PPP-CVE-ID: CVE-2006-4406: 在不可信的本地网络上使用PPPoE可导致任意代码执行。 Samba-CVE-ID: CVE-2006-3403: 当Windows共享使用时,远程攻击者可进行拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4407: 不安全的传送方法可导致不协商最安全的加密信息。 Security Framework-CVE-ID: CVE-2006-4408: 处理X.509证书时可导致拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4409: 当使用http代理时,证书废弃列表不能获得。 Security Framework-CVE-ID: CVE-2006-4410: 部分调用证书错误的被授权。 VPN-CVE-ID: CVE-2006-4411: 恶意本地用户可获得系统特权。 WebKit-CVE-ID: CVE-2006-4412: 通过诱使用户浏览恶意web页执行任意代码。 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 <a href="http://docs.info.apple.com/article.html?artnum=304829" target="_blank">http://docs.info.apple.com/article.html?artnum=304829</a>
idSSV:623
last seen2017-11-19
modified2006-11-29
published2006-11-29
reporterRoot
titleApple Mac OS X 2006-007存在多个安全漏洞

Statements

contributorMark J Cox
lastmodified2007-03-14
organizationRed Hat
statementRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References