This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated ncompress package that fixes a buffer overflow and problem
in the handling of files larger than 2 GB is now available.
The ncompress package contains the compress and uncompress file
compression and decompression utilities, which are compatible with the
original UNIX compress utility (.Z file extensions).
A bug in the way ncompress handles long filenames has been discovered.
ncompress versions 4.2.4 and earlier contain a stack based buffer
overflow when handling very long filenames. It is possible that an
attacker could execute arbitrary code on a victims machine by tricking
the user into decompressing a carefully crafted filename. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2001-1413 to this issue.
This updated ncompress package also fixes a problem in the handling of
files larger than 2 GB.
All users of ncompress should upgrade to this updated package, which
contains fixes for these issues.
See also :
Update the affected ncompress package.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 15959 ()
CVE ID: CVE-2001-1413
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.