Summary
This host has GZip installed and is prone to an input validation vulnerability.
Impact
Successful exploitation could result in denial of service (application crash or infinite loop) or possibly execution of arbitrary code via a crafted archive.
Impact Level: Application
Solution
Apply the patch or upgrade to GZip version 1.3.13:
http://www.gzip.org/index-f.html#sources
http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaw is due to an error in the 'huft_build()' function in 'inflate.c', which creates a hufts table that is too small.
Affected
GZip versions prior to 1.3.13 on Linux.
References
Severity
Classification
- CVE: CVE-2009-2624
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P