Mandrake Linux Security Advisory : gzip (MDKSA-2006:167)

High Nessus Plugin ID 24553


The remote Mandrake Linux host is missing a security update.


NULL Dereference (CVE-2006-4334)

A stack modification vulnerability (where a stack buffer can be modified out of bounds, but not in the traditional stack overrun sense) exists in the LZH decompression support of gzip.

A .bss buffer underflow exists in gzip's pack support, where a loop from build_tree() does not enforce any lower bound while constructing the prefix table. (CVE-2006-4336)

A .bss buffer overflow vulnerability exists in gzip's LZH support, due to it's inability to handle exceptional input in the make_table() function, a pathological decoding table can be constructed in such a way as to generate counts so high that the rapid growth of `nextcode` exceeds the size of the table[] buffer. (CVE-2006-4337)

A possible infinite loop exists in code from unlzh.c for traversing the branches of a tree structure. This makes it possible to disrupt the operation of automated systems relying on gzip for data decompression, resulting in a minor DoS. (CVE-2006-4338) Updated packages have been patched to address these issues.


Update the affected gzip package.

Plugin Details

Severity: High

ID: 24553

File Name: mandrake_MDKSA-2006-167.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2007/02/18

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gzip, cpe:/o:mandriva:linux:2006

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2006/09/20

Reference Information

CVE: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338

MDKSA: 2006:167