Advertisement
Home arrow ITsec Advisories arrow DSA-1149-1: ncompress buffer underflow
Saturday, 22 November 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  8778  71.58%
Win 2003  1950  15.90%
Win 2000  722  5.89%
Solaris 9/10  402  3.28%
FreeBSD  226  1.84%
Other  185  1.51%

Total attacks: 12263 of which 4619 single ip and 7644 mass defacements

Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
Visitors' Map
DSA-1149-1: ncompress buffer underflow PDF Print E-mail
User Rating: / 0
PoorBest 
Written by Marcelo Almeida (Vympel)   
Thursday, 10 August 2006

Debian Security Advisory

Date Reported: 10 Aug 2006
Affected Packages:ncompress
Vulnerable: Yes
Security database references:In Mitre's CVE dictionary: CVE-2006-1168.
More information:  Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data....

For the stable distribution (sarge) this problem has been fixed in version 4.2.4-15sarge2.

For the unstable distribution (sid) this problem has been fixed in version 4.2.4-15sarge2.

We recommend that you upgrade your ncompress package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2.dsc
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2.diff.gz
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.


Comments Index (Total Messages: 0)


Post Reply
Name:Guest
Title:
Comment:



Enter this security word

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
 
Top!
© 2008 Zone-H.org - Unrestricted Information
Joomla! is Free Software released under the GNU/GPL License.
 Top!