FreeBSD : gzip -- multiple vulnerabilities (11a84092-8f9f-11db-ab33-000e0c2e438a)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Problem Description: Multiple programming errors have been found in
gzip which can be triggered when gzip is decompressing files. These
errors include insufficient bounds checks in buffer use, a NULL
pointer dereference, and a potential infinite loop.

Impact: The insufficient bounds checks in buffer use can cause gzip to
crash, and may permit the execution of arbitrary code. The NULL pointer
dereference can cause gzip to crash. The infinite loop can cause a
Denial-of-Service situation where gzip uses all available CPU time.

Workaround: No workaround is available.

See also :

http://www.nessus.org/u?7c0a405f

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.1
(CVSS2#E:U/RL:ND/RC:UR)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25437 (freebsd_pkg_11a840928f9f11dbab33000e0c2e438a.nasl)

Bugtraq ID:

CVE ID: CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
