rPath Security Advisory: 2006-0170-1 - Previous versions of the gzip package contain multiple vulnerabilities that enable user-complicit unauthorized access when a user attempts to gunzip intentionally malformed gzip files. Some network services will automatically run the gunzip program in some contexts, which may then enable direct unauthorized access to the user account that provides the network service.
0b107839b2c512624c59c4384749fdf31feddab324d5d21277c716174a9ca4d3rPath Security Advisory: 2006-0170-1
Published: 2006-09-19
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
gzip=/conary.rpath.com@rpl:devel//1/1.3.5-4-0.1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
https://issues.rpath.com/browse/RPL-615
Description:
Previous versions of the gzip package contain multiple vulnerabilities
that enable user-complicit unauthorized access when a user attempts to
gunzip intentionally malformed gzip files. Some network services will
automatically run the gunzip program in some contexts, which may then
enable direct unauthorized access to the user account that provides
the network service.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed