Summary
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-11:04.compress.asc.
Solution
Upgrade your system to the appropriate stable release or security branch dated after the correction date.
https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-11:04.compress.asc
Insight
The compress utility reduces the size of files using adaptive Lempel-Ziv coding, or LZW coding, a lossless data compression algorithm.
Both compress(1) and gzip(1) use code derived from 4.3BSD compress(1).
The code used to decompress a file created by compress(1) does not perform sufficient boundary checks on compressed code words. This allows references beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.
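The missing check can be illustrated with a small LZW decoder that validates each code word before following it into the table. This is an added example, not the FreeBSD code or its patch; it assumes codes already unpacked into 16-bit values, a 12-bit table and no CLEAR code, and `lzw_decode` and `LZW_MAX_CODES` are names made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define LZW_MAX_CODES 4096u /* 12-bit table; size assumed for this example */

/* Decode n unpacked LZW codes into out. Returns bytes written, or -1 when a
 * code word cannot be valid at that point in the stream (corrupted input). */
long lzw_decode(const uint16_t *codes, size_t n, uint8_t *out, size_t cap)
{
    uint16_t prefix[LZW_MAX_CODES];
    uint8_t suffix[LZW_MAX_CODES], stack[LZW_MAX_CODES], first = 0;
    unsigned free_ent = 256, old = 0;
    size_t len = 0;

    for (size_t i = 0; i < n; i++) {
        unsigned code = codes[i], cur = code;
        size_t sp = 0;
        /* Boundary check: a code may name an existing entry or the single
         * entry about to be defined (code == free_ent), nothing beyond. */
        if (code >= LZW_MAX_CODES || code > free_ent || (i == 0 && code > 255))
            return -1;
        if (code == free_ent) {          /* KwKwK case: string is old + first */
            stack[sp++] = first;
            cur = old;
        }
        while (cur >= 256) {             /* walk the prefix chain to a literal */
            if (sp >= sizeof stack - 1)  /* chain longer than any valid table */
                return -1;
            stack[sp++] = suffix[cur];
            cur = prefix[cur];
        }
        stack[sp++] = first = (uint8_t)cur;
        if (sp > cap - len)              /* output buffer too small */
            return -1;
        while (sp > 0)                   /* string was collected in reverse */
            out[len++] = stack[--sp];
        if (i > 0 && free_ent < LZW_MAX_CODES) {
            prefix[free_ent] = (uint16_t)old;
            suffix[free_ent++] = first;
        }
        old = code;
    }
    return (long)len;
}

int main(void)
{
    /* Constructed inputs: "ABABABA", and a stream whose code 300 is past the table. */
    const uint16_t good[] = {65, 66, 256, 258}, bad[] = {65, 66, 300};
    uint8_t out[16];
    printf("%ld %ld\n", lzw_decode(good, 4, out, 16), lzw_decode(bad, 3, out, 16));
    return 0;
}
```

Without the first check, a code larger than `free_ent` would index uninitialised table slots, and the prefix walk could then overrun `stack` or never reach a literal.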
Severity
Classification
CVE: CVE-2011-2895
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities