Mandriva Update For Ncompress MDVSA-2011:152 (ncompress) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in ncompress: An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip (CVE-2010-0001). The updated packages have been upgraded to the 4.2.4.4 version which is not vulnerable to this issue.

Affected

ncompress on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2010-0001

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:192 (phpmyadmin)
Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:107 (acpid)
Mandrake Security Advisory MDVSA-2009:120 (openssl)
Mandrake Security Advisory MDVSA-2009:114 (ipsec-tools)

Mandriva Update for ncompress MDVSA-2011:152 (ncompress)

Take action and discover your vulnerabilities