what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2010-0001

Status Candidate

Overview

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.

Related Files

Gentoo Linux Security Advisory 201412-08
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

tags | advisory, remote, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251
SHA-256 | a863e2eb03f0ac1937834e096aa9a52158ef6e9eb8144f3d6df45b14d4002a27
Mandriva Linux Security Advisory 2011-152
Posted Oct 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-152 - An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip. The updated packages have been upgraded to the 4.2.4.4 version which is not vulnerable to this issue.

tags | advisory, remote, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2010-0001
SHA-256 | e53828c95c8dd6c339d93d29f1dc8ec20f358bd17aee33d0d87c3ab4ec8d6236
Debian Linux Security Advisory 2074-1
Posted Jul 21, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2074-1 - Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2010-0001
SHA-256 | 50c62803a6a8a590dea68ddb31eb6f822375c0761f3889df99469706d035eb40
Ubuntu Security Notice 889-1
Posted Jan 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 889-1 - It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-2624, CVE-2010-0001
SHA-256 | 2d7b396c190d62a5aab0c1e1b39b06e60d46fda949cf0f9f8483b808e93b4b85
Mandriva Linux Security Advisory 2010-020
Posted Jan 21, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-020 - A missing input sanitation flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially-crafted gzip compressed data archive, which once opened by a local, unsuspecting user would lead to denial of service (gzip crash) or, potentially, to arbitrary code execution with the privileges of the user running gzip. An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2009-2624, CVE-2010-0001
SHA-256 | 7980610906396d3404f249abea3a118e88d040bb5af629574f6c48ec40499772
Mandriva Linux Security Advisory 2010-019
Posted Jan 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-019 - An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2010-0001
SHA-256 | ff10bc8eca9a6a43d582662f4c5151e1182d17005b3fe1edbc0e40b347c70185
Debian Linux Security Advisory 1974-1
Posted Jan 20, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1974-1 - Several vulnerabilities have been found in gzip, the GNU compression utilities.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-2624, CVE-2010-0001
SHA-256 | e397141f9be1ae80a34d9e6ea6e578ba79705dedef10ce6d881ad43ea196457a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close