Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1168

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1168
Last Modified 18 Apr 2013 09:52:54
Published 14 Aug 2006 04:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1168

Summary

The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

Vulnerable Systems

Application

  • Ncompress 4.2.4


References

DEBIAN - DSA-1149

SECUNIA - 21437

SECUNIA - 21434

VUPEN - ADV-2006-3234

SECUNIA - 21427

MISC - http://bugs.gentoo.org/show_bug.cgi?id=141728

XF - ncompress-decompress-underflow(28315)

BID - 19455

REDHAT - RHSA-2006:0663

SUSE - SUSE-SR:2006:020

MANDRIVA - MDKSA-2006:140

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm

SECTRACK - 1016836

GENTOO - GLSA-200610-03

SECUNIA - 22377

SECUNIA - 22296

SECUNIA - 22036

SECUNIA - 21880

SECUNIA - 21467

SGI - 20060901-01-P

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=728536

REDHAT - RHSA-2012:0810

CONFIRM - http://downloads.avaya.com/css/P8/documents/100158840

MANDRIVA - MDVSA-2012:129

Related Patches

Red Hat 2012:0308-03 RHSA Low: busybox security and bug fix update for RHEL 5 x86

Red Hat 2012:0308-03 RHSA Low: busybox security and bug fix update for RHEL 5 x86_64


Last Updated: 27 May 2016 10:54:50