Info

Disclosure

Sep 20, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Gzip contains a flaw that may allow a remote denial of service. The issue is triggered due to a NULL pointer dereference within the 'huft_build()' function and an infinite loop within the LZH handling, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, multiple vendors have independently released a patch to address this vulnerability.

Products

gzip.org

gzip

1.3.5

References

CVE ID: 2006-4338 (see also: NVD)
Secunia Advisory ID: 21996 22002 22009 22012 22017 22027 22033 22034 22043 22085 22101 22435 22487 22661 23153 23155 23156 23679 23785 24435 24636
Related OSVDB ID: 29004 29005 29006 29007
Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=304829
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00797077
http://lists.suse.com/archive/suse-security-announce/2006-Sep/0010.html
http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm
http://www.gentoo.org/security/en/glsa/glsa-200609-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:167
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
http://www.trustix.org/errata/2006/0052/
Keyword: HPSBTU02168,SSRT061237
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0007.html
http://archives.neohapsis.com/archives/bugtraq/2007-03/0404.html
Other Advisory URL: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml
http://www.ipcop.org/modules.php?op=modload&name=News&file=article&sid=31&mode=thread&order=0&thold=0
http://www.ubuntu.com/usn/usn-349-1
http://www.us.debian.org/security/2006/dsa-1181
https://issues.rpath.com/browse/RPL-615
Vendor Specific News/Changelog Entry: http://kb.vmware.com/kb/5031800
http://sourceforge.jp/projects/lha/document/lha_1.14i-ac20050924p1_-_Changes/
News Article: http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html
Vendor URL: http://www.gzip.org/
RedHat RHSA: RHSA-2006:0667

Credit

Tavis Ormandy - tavisogoogle.com - Google Information Security Team

Direct URL: http://osvdb.org/29008