This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
A vulnerability has been found and corrected in ncompress :
An integer underflow leading to array index error was found in the way
gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of the
user running gzip (CVE-2010-0001).
The updated packages have been upgraded to the 220.127.116.11 version which
is not vulnerable to this issue.
Update the affected ncompress package.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false