7.5
CVSSv2

CVE-2006-1168

Published: 14/08/2006 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote malicious users to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

Vulnerable Product

ncompress ncompress 4.2.4

Vendor Advisories

Synopsis: Low: busybox security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated busybox packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vu ...
Synopsis: Low: busybox security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated busybox packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulner ...
Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data. For the stable distribution (sarge) this problem has been fixed in version 424-15sarge2. For the un ...
A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running ...