Full Disclosure mailing list archives
rPSA-2006-0170-1 gzip
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Tue, 19 Sep 2006 13:15:57 -0400
rPath Security Advisory: 2006-0170-1
Published: 2006-09-19
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    gzip=/conary.rpath.com@rpl:devel//1/1.3.5-4-0.1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
    https://issues.rpath.com/browse/RPL-615

Description:
    Previous versions of the gzip package contain multiple vulnerabilities
    that enable user-complicit unauthorized access when a user attempts to
    gunzip intentionally malformed gzip files. Some network services will
    automatically run the gunzip program in some contexts, which may then
    enable direct unauthorized access to the user account that provides
    the network service.