CERT/CC Vulnerability Note VU#773548

Overview

The gzip program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition.

Description

The gzip program is used to compress and decompress archived files. Some implementations of gzip include support for the LZH compression algorithm.

A buffer overflow vulnerability exists in the way gzip handles certain files compressed with the LZH algorithm. An attacker may be able to exploit this vulnerability by convincing a user to open a specially crafted gzip file.

Note that the attacker could either 1) convince a user to open a malicious gzip file, or 2) save the file in a place where another program would call gzip to decompress the archive.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or create a denial-of-service condition.

Solution

Upgrade or apply a patch from the vendor
This issue has been addressed in gzip 1.3.6. See the systems affected section of this document for information about specific vendors.

Workarounds
Until updates can be applied, the following workarounds may mitigate the impact of this vulnerability:

Do not decompress gzip files that are received from unknown sources.
Do not execute gzip with system-level privileges.
Some automated processes may rely on gzip to complete their tasks. When possible, disable such programs or do not allow them to execute gzip with root privileges.

Vendor Information

773548

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Apple Computer, Inc. Affected

Debian GNU/Linux Affected

FreeBSD, Inc. Affected

Openwall GNU/*/Linux Affected

Red Hat, Inc. Affected

Slackware Linux Inc. Affected

Ubuntu Affected

Computer Associates Not Affected

Force10 Networks, Inc. Not Affected

Global Technology Associates Not Affected

Hitachi Not Affected

Intoto Not Affected

3com, Inc. Unknown

AT&T Unknown

Aladdin Knowledge Systems Unknown

Alcatel Unknown

Avaya, Inc. Unknown

Avici Systems, Inc. Unknown

Borderware Technologies Unknown

Charlotte's Web Networks Unknown

Check Point Software Technologies Unknown

Chiaro Networks, Inc. Unknown

Cisco Systems, Inc. Unknown

Clavister Unknown

Command Software Systems Unknown

Conectiva Inc. Unknown

Cray Inc. Unknown

CyberSoft, Inc. Unknown

D-Link Systems, Inc. Unknown

Data Connection, Ltd. Unknown

DataFellows Unknown

Debian GNU/Linux Unknown

EMC, Inc. (formerly Data General Corporation) Unknown

Engarde Secure Linux Unknown

Ericsson Unknown

Extreme Networks Unknown

F-PROT by FRISK Software International Unknown

F-Secure Corporation Unknown

F5 Networks, Inc. Unknown

Fedora Project Unknown

Finjan Software Unknown

Fortinet, Inc. Unknown

Foundry Networks, Inc. Unknown

Fujitsu Unknown

GFI Software, Inc. Unknown

Gentoo Linux Unknown

Hewlett-Packard Company Unknown

Hyperchip Unknown

IBM Corporation Unknown

IBM Corporation (zseries) Unknown

IBM eServer Unknown

IP Filter Unknown

Immunix Communications, Inc. Unknown

Ingrian Networks, Inc. Unknown

Inner Media, Inc. Unknown

Intel Corporation Unknown

Internet Security Systems, Inc. Unknown

Juniper Networks, Inc. Unknown

Linksys (A division of Cisco Systems) Unknown

Lucent Technologies Unknown

Luminous Networks Unknown

Mandriva, Inc. Unknown

MessageLabs Unknown

Microsoft Corporation Unknown

MontaVista Software, Inc. Unknown

Multinet (owned Process Software Corporation) Unknown

Multitech, Inc. Unknown

NEC Corporation Unknown

NetBSD Unknown

Network Appliance, Inc. Unknown

NextHop Technologies, Inc. Unknown

Nokia Unknown

Nortel Networks, Inc. Unknown

Novell, Inc. Unknown

OpenBSD Unknown

Proland Software, Inc. Unknown

QNX, Software Systems, Inc. Unknown

Redback Networks, Inc. Unknown

Riverstone Networks, Inc. Unknown

SUSE Linux Unknown

Secure Computing Network Security Division Unknown

Secureworx, Inc. Unknown

Silicon Graphics, Inc. Unknown

Sony Corporation Unknown

Sophos, Inc. Unknown

Stonesoft Unknown

Sun Microsystems, Inc. Unknown

Symantec, Inc. Unknown

The SCO Group Unknown

Trendmicro Unknown

Trustix Secure Linux Unknown

Turbolinux Unknown

Unisys Unknown

Watchguard Technologies, Inc. Unknown

Wind River Systems, Inc. Unknown

ZyXEL Unknown

eSoft, Inc. Unknown

netfilter Unknown

View all 98 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Tavis Ormandy, Google Security Team for reporting this issue.

This document was written by Ryan Giobbi.

Other Information

CVE IDs:	CVE-2006-4337
Severity Metric:	1.57
Date Public:	2006-06-19
Date First Published:	2006-09-19
Date Last Updated:	2011-07-22 12:43 UTC
Document Revision:	44

Software Engineering Institute

CERT Coordination Center

gzip contains a .bss buffer overflow in its LZH handling

Vulnerability Note VU#773548