Vulnerability Assessment & Network Security Forums



If, through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

MDKSA-2006:167: gzip

Vulnerability Assessment Summary
Check for the version of the gzip package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2006:167 (gzip).

NULL Dereference (CVE-2006-4334)

A stack modification vulnerability (where a stack buffer can be
modified out of bounds, but not in the traditional stack overrun sense)
exists in the LZH decompression support of gzip. (CVE-2006-4335)

A .bss buffer underflow exists in gzip's pack support, where a loop
from build_tree() does not enforce any lower bound while constructing
the prefix table. (CVE-2006-4336)

A .bss buffer overflow vulnerability exists in gzip's LZH support, due
to its inability to handle exceptional input in the make_table()
function: a pathological decoding table can be constructed in such a
way as to generate counts so high that the rapid growth of `nextcode`
exceeds the size of the table[] buffer. (CVE-2006-4337)

A possible infinite loop exists in code from unlzh.c for traversing the
branches of a tree structure. This makes it possible to disrupt the
operation of automated systems relying on gzip for data decompression,
resulting in a minor DoS. (CVE-2006-4338)

Updated packages have been patched to address these issues.

Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:167
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security
