PT-2006-1043 · Ncompress+3

Tomas Hoger · Published 2006-08-14 · Updated 2024-06-15 · CVE-2006-1168

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ncompress version 4.2.4; busybox versions prior to 1.21.0
Description: The issue affects the decompress function in compress42.c, allowing remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.
Recommendations: For ncompress version 4.2.4, update to a version that fixes the decompress function issue. For busybox versions prior to 1.21.0, update to version 1.21.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the decompress function in compress42.c to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2015-07432
BDU:2015-09676
CESA-2012_0810
CVE-2006-1168
DSA-1149-1
OPENSUSE-SU-2024:10385-1
RHSA-2006:0663
RHSA-2006_0663
RHSA-2012:0308
RHSA-2012:0810
RHSA-2012_0308
RHSA-2012_0810

Affected Products

CentOS
Red Hat
BusyBox
Ncompress