61869 : GNU gzip unlzw.c unlzw() Function LZW File Handling Underflow
Printer | http://osvdb.org/61869 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
17	1481	over 3 years ago	5 months ago	18 times	100%

Timeline

Disclosure Date
2010-01-20

Description

gzip contains an underflow condition in the handling of LZW files. The issue is due to the 'unlzw()' function in unlzw.c not validating user-supplied input when handling LZW files. With a specially crafted LZW file, a context-dependent attacker can cause a buffer underflow, resulting in a denial of service or potentially execution of arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

gzip.org

gzip

1.3.14

References

Security Tracker: 1023490
OVAL ID: 10546 7511
CVE ID: 2010-0001 (see also: NVD)
Secunia Advisory ID: 38220 38223 38225 38232 38312 38846 39975 39980 40551 40655 40689
VUPEN Advisory: ADV-2010-0185 ADV-2010-1796 ADV-2010-1872
Vendor Specific News/Changelog Entry: http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034492.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034495.html
http://savannah.gnu.org/forum/forum.php?forum_id=6153
http://support.apple.com/kb/HT4435
https://bugzilla.redhat.com/show_bug.cgi?id=554418
Vendor Specific Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
http://lists.vmware.com/pipermail/security-announce/2010/000093.html
http://ncompress.sourceforge.net/#status
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0013
http://www.debian.org/security/2010/dsa-1974
http://www.ubuntu.com/usn/USN-889-1
Vendor Specific Solution URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
Mail List Post: http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
Other Advisory URL: http://www.debian.org/security/2010/dsa-1974
http://www.debian.org/security/2010/dsa-2074
http://www.mandriva.com/security/advisories?name=MDVSA-2010:019
http://www.mandriva.com/security/advisories?name=MDVSA-2010:020
http://www.mandriva.com/security/advisories?name=MDVSA-2011:152
http://www.ubuntu.com/usn/USN-889-1
Vendor URL: http://www.gzip.org/
RedHat RHSA: RHSA-2010:0061 RHSA-2010:0095

Credit

Aki Helin - Oulu University Secure Programming Group

CVSSv2 Score

CVSSv2 Base Score = 6.8
Source: nvd.nist.gov | Generated: 2010-01-31 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.