CERT/CC Vulnerability Note VU#381508

Overview

The gzip program contains a stack modification vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition..

Description

The gzip program is used to compress and decompress archived files.

A stack modification vulnerability exists in gzip. An attacker may be able to exploit this vulnerability by convincing a user to open a specially crafted gzip file.

Note that the attacker could either convince a user to open a malicious gzip file, or save the file in a place where another program would call gzip to decompress the archive.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code, or create a denial-of-service condition..

Solution

Upgrade
This issue has been addressed in gzip 1.3.6. See the systems affected section of this document for information about specific vendors.

Workarounds
Until updates can be applied, the following workarounds may mitigate the impact of this vulnerability:

Do not decompress gzip files that are received from unknown sources.
Do not execute gzip with system-level privileges.
Some automated processes may rely on gzip to complete their tasks. When possible, disable such programs or do not allow them to execute gzip with root privileges.

Vendor Information

381508

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Apple Computer, Inc. Affected

Debian GNU/Linux Affected

FreeBSD, Inc. Affected

Openwall GNU/*/Linux Affected

Red Hat, Inc. Affected

Slackware Linux Inc. Affected

Ubuntu Affected

Computer Associates Not Affected

Force10 Networks, Inc. Not Affected

Global Technology Associates Not Affected

Hitachi Not Affected

3com, Inc. Unknown

AT&T Unknown

Aladdin Knowledge Systems Unknown

Alcatel Unknown

Avaya, Inc. Unknown

Avici Systems, Inc. Unknown

Borderware Technologies Unknown

Charlotte's Web Networks Unknown

Check Point Software Technologies Unknown

Chiaro Networks, Inc. Unknown

Cisco Systems, Inc. Unknown

Clavister Unknown

Command Software Systems Unknown

Computer Associates eTrust Security Management Unknown

Conectiva Inc. Unknown

Cray Inc. Unknown

CyberSoft, Inc. Unknown

D-Link Systems, Inc. Unknown

Data Connection, Ltd. Unknown

DataFellows Unknown

Debian GNU/Linux Unknown

EMC, Inc. (formerly Data General Corporation) Unknown

Engarde Secure Linux Unknown

Ericsson Unknown

Extreme Networks Unknown

F-PROT by FRISK Software International Unknown

F-Secure Corporation Unknown

F5 Networks, Inc. Unknown

Fedora Project Unknown

Finjan Software Unknown

Fortinet, Inc. Unknown

Foundry Networks, Inc. Unknown

Fujitsu Unknown

GFI Software, Inc. Unknown

Gentoo Linux Unknown

Hewlett-Packard Company Unknown

Hyperchip Unknown

IBM Corporation Unknown

IBM Corporation (zseries) Unknown

IBM eServer Unknown

IP Filter Unknown

Immunix Communications, Inc. Unknown

Ingrian Networks, Inc. Unknown

Inner Media, Inc. Unknown

Intel Corporation Unknown

Internet Security Systems, Inc. Unknown

Intoto Unknown

Juniper Networks, Inc. Unknown

Linksys (A division of Cisco Systems) Unknown

Lucent Technologies Unknown

Luminous Networks Unknown

Mandriva, Inc. Unknown

MessageLabs Unknown

Microsoft Corporation Unknown

MontaVista Software, Inc. Unknown

Multinet (owned Process Software Corporation) Unknown

Multitech, Inc. Unknown

NEC Corporation Unknown

NetBSD Unknown

Network Appliance, Inc. Unknown

NextHop Technologies, Inc. Unknown

Nokia Unknown

Nortel Networks, Inc. Unknown

Novell, Inc. Unknown

OpenBSD Unknown

Proland Software, Inc. Unknown

QNX, Software Systems, Inc. Unknown

Redback Networks, Inc. Unknown

Riverstone Networks, Inc. Unknown

SUSE Linux Unknown

Secure Computing Network Security Division Unknown

Secureworx, Inc. Unknown

Silicon Graphics, Inc. Unknown

Sony Corporation Unknown

Sophos, Inc. Unknown

Stonesoft Unknown

Sun Microsystems, Inc. Unknown

Symantec, Inc. Unknown

The SCO Group Unknown

Trendmicro Unknown

Trustix Secure Linux Unknown

Turbolinux Unknown

Unisys Unknown

Watchguard Technologies, Inc. Unknown

Wind River Systems, Inc. Unknown

ZyXEL Unknown

eSoft, Inc. Unknown

netfilter Unknown

View all 99 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Tavis Ormandy, Google Security Team for reporting this issue.

This document was written by Ryan Giobbi.

Other Information

CVE IDs:	CVE-2006-4335
Severity Metric:	1.57
Date Public:	2006-06-19
Date First Published:	2006-09-19
Date Last Updated:	2011-07-22 12:54 UTC
Document Revision:	56

Software Engineering Institute

CERT Coordination Center

gzip contains an array out-of-bounds vulnerability in make_table()

Vulnerability Note VU#381508