CVE-2006-1168

high

Description

The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

References

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

http://bugs.gentoo.org/show_bug.cgi?id=141728

http://downloads.avaya.com/css/P8/documents/100158840

http://rhn.redhat.com/errata/RHSA-2012-0810.html

http://secunia.com/advisories/21427

http://secunia.com/advisories/21434

http://secunia.com/advisories/21437

http://secunia.com/advisories/21467

http://secunia.com/advisories/21880

http://secunia.com/advisories/22036

http://secunia.com/advisories/22296

http://secunia.com/advisories/22377

http://security.gentoo.org/glsa/glsa-200610-03.xml

http://securitytracker.com/id?1016836

http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm

http://www.debian.org/security/2006/dsa-1149

http://www.mandriva.com/security/advisories?name=MDKSA-2006:140

http://www.mandriva.com/security/advisories?name=MDVSA-2012:129

http://www.novell.com/linux/security/advisories/2006_20_sr.html

http://www.redhat.com/support/errata/RHSA-2006-0663.html

http://www.securityfocus.com/bid/19455

http://www.vupen.com/english/advisories/2006/3234

https://bugzilla.redhat.com/show_bug.cgi?id=728536

https://exchange.xforce.ibmcloud.com/vulnerabilities/28315

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373

Details

Source: MITRE

Published: 2006-08-14

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ncompress:ncompress:4.2.4:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 79283 | RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168) | Nessus | Red Hat Local Security Checks | high |
| 71168 | GLSA-201312-02 : BusyBox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 69593 | Amazon Linux AMI : busybox (ALAS-2012-103) | Nessus | Amazon Linux Local Security Checks | high |
| 68550 | Oracle Linux 6 : busybox (ELSA-2012-0810) | Nessus | Oracle Linux Local Security Checks | high |
| 68479 | Oracle Linux 5 : busybox (ELSA-2012-0308) | Nessus | Oracle Linux Local Security Checks | high |
| 67406 | Oracle Linux 3 / 4 : ncompress (ELSA-2006-0663) | Nessus | Oracle Linux Local Security Checks | high |
| 61978 | Mandriva Linux Security Advisory : busybox (MDVSA-2012:129-1) | Nessus | Mandriva Local Security Checks | high |
| 61337 | Scientific Linux Security Update : busybox on SL6.x i386/x86_64 (20120620) | Nessus | Scientific Linux Local Security Checks | high |
| 61257 | Scientific Linux Security Update : busybox on SL5.x i386/x86_64 (20120221) | Nessus | Scientific Linux Local Security Checks | high |
| 59921 | CentOS 6 : busybox (CESA-2012:0810) | Nessus | CentOS Local Security Checks | high |
| 59586 | RHEL 6 : busybox (RHSA-2012:0810) | Nessus | Red Hat Local Security Checks | high |
| 58062 | RHEL 5 : busybox (RHSA-2012:0308) | Nessus | Red Hat Local Security Checks | high |
| 29527 | SuSE 10 Security Update : ncompress (ZYPP Patch Number 1911) | Nessus | SuSE Local Security Checks | high |
| 23889 | Mandrake Linux Security Advisory : ncompress (MDKSA-2006:140) | Nessus | Mandriva Local Security Checks | high |
| 22691 | Debian DSA-1149-1 : ncompress - buffer underflow | Nessus | Debian Local Security Checks | high |
| 22522 | GLSA-200610-03 : ncompress: Buffer Underflow | Nessus | Gentoo Local Security Checks | high |
| 22345 | RHEL 2.1 / 3 / 4 : ncompress (RHSA-2006:0663) | Nessus | Red Hat Local Security Checks | high |
| 22338 | CentOS 3 / 4 : ncompress (CESA-2006:0663) | Nessus | CentOS Local Security Checks | high |