CVE-2006-1168
CVSS7.5
发布时间 :2006-08-14 16:04:00
修订时间 :2013-04-18 21:52:54
NMCOPS    

[原文]The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.


[CNNVD]NCompress解压缓冲区溢出漏洞(CNNVD-200608-206)

        ncompress是一个快速压缩程序,兼容于.Z文件,但不兼容.gz文件。
        ncompress的实现上存在边界条件错误,允许攻击者使用畸形的数据流下缓冲区溢出漏洞,可能导致执行任意指令。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9373The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), ...
oval:org.mitre.oval:def:21495RHSA-2012:0810: busybox security and bug fix update (Low)
oval:org.mitre.oval:def:20788RHSA-2012:0308: busybox security and bug fix update (Low)
oval:org.mitre.oval:def:23400ELSA-2012:0810: busybox security and bug fix update (Low)
oval:org.mitre.oval:def:22866ELSA-2012:0308: busybox security and bug fix update (Low)
oval:org.mitre.oval:def:27773DEPRECATED: ELSA-2012-0810 -- busybox security and bug fix update (low)
oval:org.mitre.oval:def:27729DEPRECATED: ELSA-2012-0308 -- busybox security and bug fix update (low)
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1168
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-206
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2006/dsa-1149
(VENDOR_ADVISORY)  DEBIAN  DSA-1149
http://secunia.com/advisories/21437
(VENDOR_ADVISORY)  SECUNIA  21437
http://secunia.com/advisories/21434
(VENDOR_ADVISORY)  SECUNIA  21434
https://bugzilla.redhat.com/show_bug.cgi?id=728536
(UNKNOWN)  MISC  https://bugzilla.redhat.com/show_bug.cgi?id=728536
http://www.vupen.com/english/advisories/2006/3234
(UNKNOWN)  VUPEN  ADV-2006-3234
http://www.mandriva.com/security/advisories?name=MDVSA-2012:129
(UNKNOWN)  MANDRIVA  MDVSA-2012:129
http://secunia.com/advisories/21427
(VENDOR_ADVISORY)  SECUNIA  21427
http://rhn.redhat.com/errata/RHSA-2012-0810.html
(UNKNOWN)  REDHAT  RHSA-2012:0810
http://downloads.avaya.com/css/P8/documents/100158840
(UNKNOWN)  CONFIRM  http://downloads.avaya.com/css/P8/documents/100158840
http://bugs.gentoo.org/show_bug.cgi?id=141728
(UNKNOWN)  MISC  http://bugs.gentoo.org/show_bug.cgi?id=141728
http://xforce.iss.net/xforce/xfdb/28315
(UNKNOWN)  XF  ncompress-decompress-underflow(28315)
http://www.securityfocus.com/bid/19455
(UNKNOWN)  BID  19455
http://www.redhat.com/support/errata/RHSA-2006-0663.html
(UNKNOWN)  REDHAT  RHSA-2006:0663
http://www.novell.com/linux/security/advisories/2006_20_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:020
http://www.mandriva.com/security/advisories?name=MDKSA-2006:140
(UNKNOWN)  MANDRIVA  MDKSA-2006:140
http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm
http://securitytracker.com/id?1016836
(UNKNOWN)  SECTRACK  1016836
http://security.gentoo.org/glsa/glsa-200610-03.xml
(UNKNOWN)  GENTOO  GLSA-200610-03
http://secunia.com/advisories/22377
(UNKNOWN)  SECUNIA  22377
http://secunia.com/advisories/22296
(UNKNOWN)  SECUNIA  22296
http://secunia.com/advisories/22036
(UNKNOWN)  SECUNIA  22036
http://secunia.com/advisories/21880
(UNKNOWN)  SECUNIA  21880
http://secunia.com/advisories/21467
(UNKNOWN)  SECUNIA  21467
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
(UNKNOWN)  SGI  20060901-01-P

- 漏洞信息

NCompress解压缓冲区溢出漏洞
高危 边界条件错误
2006-08-14 00:00:00 2006-08-15 00:00:00
远程  
        ncompress是一个快速压缩程序,兼容于.Z文件,但不兼容.gz文件。
        ncompress的实现上存在边界条件错误,允许攻击者使用畸形的数据流下缓冲区溢出漏洞,可能导致执行任意指令。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Debian
        http://www.debian.org/security/2006/dsa-1149

- 漏洞信息 (F115473)

Mandriva Linux Security Advisory 2012-129-1 (PacketStormID:F115473)
2012-08-11 00:00:00
Mandriva  mandriva.com
advisory,remote,denial of service,arbitrary,shell,code execution
linux,mandriva
CVE-2006-1168,CVE-2011-2716
[点击下载]

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues. The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2012:129-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : busybox
 Date    : August 10, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities was found and corrected in busybox:
 
 The decompress function in ncompress allows remote attackers to cause
 a denial of service (crash), and possibly execute arbitrary code,
 via crafted data that leads to a buffer underflow (CVE-2006-1168).
 
 A missing DHCP option checking / sanitization flaw was reported for
 multiple DHCP clients.  This flaw may allow DHCP server to trick DHCP
 clients to set e.g. system hostname to a specially crafted value
 containing shell special characters.  Various scripts assume that
 hostname is trusted, which may lead to code execution when hostname
 is specially crafted (CVE-2011-2716).
 
 Additionally for Mandriva Enterprise Server 5 various problems in
 the ka-deploy and uClibc packages was discovered and fixed with
 this advisory.
 
 The updated packages have been patched to correct these issues.

 Update:

 The wrong set of packages was sent out with the MDVSA-2012:129 advisory
 that lacked the fix for CVE-2006-1168. This advisory provides the
 correct packages.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2716
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 bf11b9be27bee497a7033176f75786eb  2011/i586/busybox-1.18.4-3.2-mdv2011.0.i586.rpm
 a00544fb8799067f766cf8aa480d4e69  2011/i586/busybox-static-1.18.4-3.2-mdv2011.0.i586.rpm 
 c906766804857a5ba80599610e380675  2011/SRPMS/busybox-1.18.4-3.2.src.rpm

 Mandriva Linux 2011/X86_64:
 af067c810ef4efc245b3de0cdf1e0d36  2011/x86_64/busybox-1.18.4-3.2-mdv2011.0.x86_64.rpm
 63786971c42ab70966a56a1767c454b0  2011/x86_64/busybox-static-1.18.4-3.2-mdv2011.0.x86_64.rpm 
 c906766804857a5ba80599610e380675  2011/SRPMS/busybox-1.18.4-3.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQJSf+mqjQ0CJFipgRAqosAKCwXGGy/B+oa+Vps2jb/5mWWghyUQCg4oYv
gJ0sjlM2kOMZorQJdwQoIsE=
=aAG/
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F115472)

Mandriva Linux Security Advisory 2012-129 (PacketStormID:F115472)
2012-08-11 00:00:00
Mandriva  mandriva.com
advisory,remote,denial of service,arbitrary,shell,code execution
linux,mandriva
CVE-2006-1168,CVE-2011-2716
[点击下载]

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:129
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : busybox
 Date    : August 10, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities was found and corrected in busybox:
 
 The decompress function in ncompress allows remote attackers to cause
 a denial of service (crash), and possibly execute arbitrary code,
 via crafted data that leads to a buffer underflow (CVE-2006-1168).
 
 A missing DHCP option checking / sanitization flaw was reported for
 multiple DHCP clients.  This flaw may allow DHCP server to trick DHCP
 clients to set e.g. system hostname to a specially crafted value
 containing shell special characters.  Various scripts assume that
 hostname is trusted, which may lead to code execution when hostname
 is specially crafted (CVE-2011-2716).
 
 Additionally for Mandriva Enterprise Server 5 various problems in
 the ka-deploy and uClibc packages was discovered and fixed with
 this advisory.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2716
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 7eda839ab0451b3069b4c7b462c3c7e6  2011/i586/busybox-1.18.4-3.1-mdv2011.0.i586.rpm
 afc5b858baba240a8daf311281982fa2  2011/i586/busybox-static-1.18.4-3.1-mdv2011.0.i586.rpm 
 71526f79bfe8499fea0d77dfe0a252fd  2011/SRPMS/busybox-1.18.4-3.1.src.rpm

 Mandriva Linux 2011/X86_64:
 ffe0b7192163d7c57ae0ebf639472610  2011/x86_64/busybox-1.18.4-3.1-mdv2011.0.x86_64.rpm
 9a80e96e5b018373f8cc7313718993ff  2011/x86_64/busybox-static-1.18.4-3.1-mdv2011.0.x86_64.rpm 
 71526f79bfe8499fea0d77dfe0a252fd  2011/SRPMS/busybox-1.18.4-3.1.src.rpm

 Mandriva Enterprise Server 5:
 b934b1ea4a3507d5792fc2b98ece457b  mes5/i586/busybox-1.6.1-5.1mdvmes5.2.i586.rpm
 b2cafe1f5d4736d8f756fed5b860954d  mes5/i586/ka-deploy-server-0.94.4-0.2mdvmes5.2.i586.rpm
 4cdee19ce25eff46f32867b0987808e5  mes5/i586/ka-deploy-source-node-0.94.4-0.2mdvmes5.2.i586.rpm
 090681e425343f32afdcfc45ccfc38ed  mes5/i586/uClibc-0.9.28.1-5.1mdvmes5.2.i586.rpm
 28e514241585b879386fbca310b47b9e  mes5/i586/uClibc-devel-0.9.28.1-5.1mdvmes5.2.i586.rpm
 b38a4038cc558b690834eb3523dcdf7e  mes5/i586/uClibc-static-devel-0.9.28.1-5.1mdvmes5.2.i586.rpm 
 d9426a5f52e3e0cc44fc020b057e26e1  mes5/SRPMS/busybox-1.6.1-5.1mdvmes5.2.src.rpm
 572e853960052b860bb871e57252ad6f  mes5/SRPMS/ka-deploy-0.94.4-0.2mdvmes5.2.src.rpm
 fa74d4032e7f3cc87ca7d75f18e11a61  mes5/SRPMS/uClibc-0.9.28.1-5.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 f941396521694b20340da46dfc711212  mes5/x86_64/busybox-1.6.1-5.1mdvmes5.2.x86_64.rpm
 08686bc10a646f07778b4ae9b64431b8  mes5/x86_64/ka-deploy-server-0.94.4-0.2mdvmes5.2.x86_64.rpm
 321dc65777647855b61afb01f24b9478  mes5/x86_64/ka-deploy-source-node-0.94.4-0.2mdvmes5.2.x86_64.rpm
 000bb5e649837c746584092d7990b2ad  mes5/x86_64/uClibc-0.9.28.1-5.1mdvmes5.2.x86_64.rpm
 90ff537b9b6f9403fa1e75d5c2accbde  mes5/x86_64/uClibc-devel-0.9.28.1-5.1mdvmes5.2.x86_64.rpm
 3fcfb13393f23c67083f2406ae6ad8c5  mes5/x86_64/uClibc-static-devel-0.9.28.1-5.1mdvmes5.2.x86_64.rpm 
 d9426a5f52e3e0cc44fc020b057e26e1  mes5/SRPMS/busybox-1.6.1-5.1mdvmes5.2.src.rpm
 572e853960052b860bb871e57252ad6f  mes5/SRPMS/ka-deploy-0.94.4-0.2mdvmes5.2.src.rpm
 fa74d4032e7f3cc87ca7d75f18e11a61  mes5/SRPMS/uClibc-0.9.28.1-5.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQJSHEmqjQ0CJFipgRAiGSAJ98naeq+Y0bXviIIvDhKdipDqSQ4wCdHMBA
09ereRjH0OzNcue9Hiq8sqg=
=FpbS
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F113931)

Red Hat Security Advisory 2012-0810-04 (PacketStormID:F113931)
2012-06-20 00:00:00
Red Hat  
advisory,arbitrary,shell
linux,redhat
CVE-2006-1168,CVE-2011-2716
[点击下载]

Red Hat Security Advisory 2012-0810-04 - BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: busybox security and bug fix update
Advisory ID:       RHSA-2012:0810-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0810.html
Issue date:        2012-06-20
CVE Names:         CVE-2006-1168 CVE-2011-2716 
=====================================================================

1. Summary:

Updated busybox packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
compression. If a user were tricked into expanding a specially-crafted
archive file with uncompress, it could cause BusyBox to crash or,
potentially, execute arbitrary code with the privileges of the user
running BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname. A
malicious DHCP server could send such an option with a specially-crafted
value to a DHCP client. If this option's value was saved on the client
system, and then later insecurely evaluated by a process that assumes the
option is trusted, it could lead to arbitrary code execution with the
privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
Linux by default, and no DHCP client script is provided with the busybox
packages. (CVE-2011-2716)

This update also fixes the following bugs:

* Prior to this update, the "findfs" command did not recognize Btrfs
partitions. As a consequence, an error message could occur when dumping a
core file. This update adds support for recognizing such partitions so
the problem no longer occurs. (BZ#751927)

* If the "grep" command was used with the "-F" and "-i" options at the
same time, the "-i" option was ignored. As a consequence, the "grep -iF"
command incorrectly performed a case-sensitive search instead of an
insensitive search. A patch has been applied to ensure that the combination
of the "-F" and "-i" options works as expected. (BZ#752134)

* Prior to this update, the msh shell did not support the "set -o pipefail"
command. This update adds support for this command. (BZ#782018)

* Previously, the msh shell could terminate unexpectedly with a
segmentation fault when attempting to execute an empty command as a result
of variable substitution (for example msh -c '$nonexistent_variable').
With this update, msh has been modified to correctly interpret such
commands and no longer crashes in this scenario. (BZ#809092)

* Previously, the msh shell incorrectly executed empty loops. As a
consequence, msh never exited such a loop even if the loop condition was
false, which could cause scripts using the loop to become unresponsive.
With this update, msh has been modified to execute and exit empty loops
correctly, so that hangs no longer occur. (BZ#752132)

All users of busybox are advised to upgrade to these updated packages,
which contain backported patches to fix these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

201919 - CVE-2006-1168 ncompress: .bss buffer underflow in decompression
725364 - CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options
752134 - "busybox grep -Fi" doesn't work as expected
809092 - msh crasher bug

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

i386:
busybox-1.15.1-15.el6.i686.rpm

x86_64:
busybox-1.15.1-15.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

i386:
busybox-petitboot-1.15.1-15.el6.i686.rpm

x86_64:
busybox-petitboot-1.15.1-15.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

x86_64:
busybox-1.15.1-15.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

x86_64:
busybox-petitboot-1.15.1-15.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

i386:
busybox-1.15.1-15.el6.i686.rpm

ppc64:
busybox-1.15.1-15.el6.ppc64.rpm

s390x:
busybox-1.15.1-15.el6.s390x.rpm

x86_64:
busybox-1.15.1-15.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

i386:
busybox-petitboot-1.15.1-15.el6.i686.rpm

ppc64:
busybox-petitboot-1.15.1-15.el6.ppc64.rpm

s390x:
busybox-petitboot-1.15.1-15.el6.s390x.rpm

x86_64:
busybox-petitboot-1.15.1-15.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

i386:
busybox-1.15.1-15.el6.i686.rpm

x86_64:
busybox-1.15.1-15.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

i386:
busybox-petitboot-1.15.1-15.el6.i686.rpm

x86_64:
busybox-petitboot-1.15.1-15.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2006-1168.html
https://www.redhat.com/security/data/cve/CVE-2011-2716.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4YqqXlSAg2UNWIIRAjdVAJ96VHA7n7IOhYAWL7vwHeOPTn3YJQCdFRUW
bt1lqoyrBL1/TH4AmucaKNs=
=dzKG
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- 漏洞信息 (F110001)

Red Hat Security Advisory 2012-0308-03 (PacketStormID:F110001)
2012-02-21 00:00:00
Red Hat  
advisory,arbitrary,shell
linux,redhat
CVE-2006-1168,CVE-2011-2716
[点击下载]

Red Hat Security Advisory 2012-0308-03 - BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: busybox security and bug fix update
Advisory ID:       RHSA-2012:0308-03
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0308.html
Issue date:        2012-02-21
CVE Names:         CVE-2006-1168 CVE-2011-2716 
=====================================================================

1. Summary:

Updated busybox packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
compression. If a user were tricked into expanding a specially-crafted
archive file with uncompress, it could cause BusyBox to crash or,
potentially, execute arbitrary code with the privileges of the user running
BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname. A
malicious DHCP server could send such an option with a specially-crafted
value to a DHCP client. If this option's value was saved on the client
system, and then later insecurely evaluated by a process that assumes the
option is trusted, it could lead to arbitrary code execution with the
privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
Linux by default, and no DHCP client script is provided with the busybox
packages. (CVE-2011-2716)

This update also fixes the following bugs:

* Prior to this update, the cp command wrongly returned the exit code 0 to
indicate success if a device ran out of space while attempting to copy
files of more than 4 gigabytes. This update modifies BusyBox, so that in
such situations, the exit code 1 is returned. Now, the cp command shows
correctly whether a process failed. (BZ#689659)

* Prior to this update, the findfs command failed to check all existing
block devices on a system with thousands of block device nodes in "/dev/".
This update modifies BusyBox so that findfs checks all block devices even
in this case. (BZ#756723)

All users of busybox are advised to upgrade to these updated packages,
which correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

201919 - CVE-2006-1168 ncompress: .bss buffer underflow in decompression
689659 - "busybox cp" does not return a correct exit code when "No space left on device"
725364 - CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/busybox-1.2.0-13.el5.src.rpm

i386:
busybox-1.2.0-13.el5.i386.rpm
busybox-anaconda-1.2.0-13.el5.i386.rpm

x86_64:
busybox-1.2.0-13.el5.x86_64.rpm
busybox-anaconda-1.2.0-13.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/busybox-1.2.0-13.el5.src.rpm

i386:
busybox-1.2.0-13.el5.i386.rpm
busybox-anaconda-1.2.0-13.el5.i386.rpm

ia64:
busybox-1.2.0-13.el5.ia64.rpm
busybox-anaconda-1.2.0-13.el5.ia64.rpm

ppc:
busybox-1.2.0-13.el5.ppc.rpm
busybox-anaconda-1.2.0-13.el5.ppc.rpm

s390x:
busybox-1.2.0-13.el5.s390x.rpm
busybox-anaconda-1.2.0-13.el5.s390x.rpm

x86_64:
busybox-1.2.0-13.el5.x86_64.rpm
busybox-anaconda-1.2.0-13.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2006-1168.html
https://www.redhat.com/security/data/cve/CVE-2011-2716.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyMjXlSAg2UNWIIRAtsmAKCHQFq9zIBT1ytvuju+KpmtBHW4/gCeNg/5
E12Zm9ZS69gQP9qN8MdudeU=
=DWg5
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- 漏洞信息 (F106598)

Mandriva Linux Security Advisory 2011-167 (PacketStormID:F106598)
2011-11-04 00:00:00
Mandriva  mandriva.com
advisory,remote,overflow,arbitrary
linux,mandriva
CVE-2006-1168,CVE-2011-2895,CVE-2011-2896
[点击下载]

Mandriva Linux Security Advisory 2011-167 - A vulnerability has been discovered and corrected in gimp. The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream. The updated packages have been patched to correct these issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:167
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : gimp
 Date    : November 4, 2011
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in gimp:
 
 The LZW decompressor in the LWZReadByte function in giftoppm.c in
 the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw
 function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte
 function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,
 the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4
 and earlier, and other products, does not properly handle code words
 that are absent from the decompression table when encountered, which
 allows remote attackers to trigger an infinite loop or a heap-based
 buffer overflow, and possibly execute arbitrary code, via a crafted
 compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895
 (CVE-2011-2896).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 6765f41707b43b717ddb8dd3bfa4cdbc  2010.1/i586/gimp-2.6.8-3.2mdv2010.2.i586.rpm
 4c1aab6b423ab88f2fa0bb507a7c60bf  2010.1/i586/gimp-python-2.6.8-3.2mdv2010.2.i586.rpm
 7fd3284b7bc8696ae8075f1a7349c732  2010.1/i586/libgimp2.0_0-2.6.8-3.2mdv2010.2.i586.rpm
 a61333781b8723af9f45dbb94ce9bbb9  2010.1/i586/libgimp2.0-devel-2.6.8-3.2mdv2010.2.i586.rpm 
 f4a4c0635712389d3a438818c3bbde7c  2010.1/SRPMS/gimp-2.6.8-3.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 d2ed9cb97e27c8ae7a718b904d442cd1  2010.1/x86_64/gimp-2.6.8-3.2mdv2010.2.x86_64.rpm
 a60fb4df9340ce11a17f8b3c0011c2ac  2010.1/x86_64/gimp-python-2.6.8-3.2mdv2010.2.x86_64.rpm
 55a40dfc4c289c48a0971c4fbb01d395  2010.1/x86_64/lib64gimp2.0_0-2.6.8-3.2mdv2010.2.x86_64.rpm
 dd6d1abb065aa27644b369061f666b0c  2010.1/x86_64/lib64gimp2.0-devel-2.6.8-3.2mdv2010.2.x86_64.rpm 
 f4a4c0635712389d3a438818c3bbde7c  2010.1/SRPMS/gimp-2.6.8-3.2mdv2010.2.src.rpm

 Mandriva Linux 2011:
 40025c9fcafb3d02bd37c92b940c353d  2011/i586/gimp-2.6.11-7.1-mdv2011.0.i586.rpm
 5a3226c6ecdbbae83b90ed9e28c6941a  2011/i586/gimp-python-2.6.11-7.1-mdv2011.0.i586.rpm
 9f156b65a74d0b74538f50b441cc37c4  2011/i586/libgimp2.0_0-2.6.11-7.1-mdv2011.0.i586.rpm
 af0d3a7478773243aa76d99f148b5186  2011/i586/libgimp2.0-devel-2.6.11-7.1-mdv2011.0.i586.rpm 
 4b4024953d52232e1cf0f308dc3a16dc  2011/SRPMS/gimp-2.6.11-7.1.src.rpm

 Mandriva Linux 2011/X86_64:
 f8f0140aebd1666c5d10b09f57de20cc  2011/x86_64/gimp-2.6.11-7.1-mdv2011.0.x86_64.rpm
 d27e9d2ef098ad86d3f68adf1c5f49ca  2011/x86_64/gimp-python-2.6.11-7.1-mdv2011.0.x86_64.rpm
 da1fa7693e5cd7dd8d9807912a61161a  2011/x86_64/lib64gimp2.0_0-2.6.11-7.1-mdv2011.0.x86_64.rpm
 453e8a82d6e7425a7a5e2758a5e6879d  2011/x86_64/lib64gimp2.0-devel-2.6.11-7.1-mdv2011.0.x86_64.rpm 
 4b4024953d52232e1cf0f308dc3a16dc  2011/SRPMS/gimp-2.6.11-7.1.src.rpm

 Mandriva Enterprise Server 5:
 5ca4859d1aab6879d30e6b2188f38d4a  mes5/i586/gimp-2.4.7-1.4mdvmes5.2.i586.rpm
 b6baebc7a47430b09816c43fee81370f  mes5/i586/gimp-python-2.4.7-1.4mdvmes5.2.i586.rpm
 b22ac83c1f8d96d5919aaabe1af9aada  mes5/i586/libgimp2.0_0-2.4.7-1.4mdvmes5.2.i586.rpm
 73b245e8d872bfabaa20787c454e175b  mes5/i586/libgimp2.0-devel-2.4.7-1.4mdvmes5.2.i586.rpm 
 2bc33101108e4bcddd0ccdf6a927958d  mes5/SRPMS/gimp-2.4.7-1.4mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b5083b87e10faef50207e0774dbd4d1c  mes5/x86_64/gimp-2.4.7-1.4mdvmes5.2.x86_64.rpm
 efaa99214382712e2656780b06ef63a0  mes5/x86_64/gimp-python-2.4.7-1.4mdvmes5.2.x86_64.rpm
 008a36ea72e6578a25afd25769893db1  mes5/x86_64/lib64gimp2.0_0-2.4.7-1.4mdvmes5.2.x86_64.rpm
 b30995cb00d18e05a7e4221d0918af15  mes5/x86_64/lib64gimp2.0-devel-2.4.7-1.4mdvmes5.2.x86_64.rpm 
 2bc33101108e4bcddd0ccdf6a927958d  mes5/SRPMS/gimp-2.4.7-1.4mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOs/4bmqjQ0CJFipgRAqWWAKCp7TdpAx/vms4vKBT9TyL4+/VC/wCgqIdr
NtjcO/GtUEHG2dDM3IU0j7Q=
=kSjd
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F49248)

Debian Linux Security Advisory 1149-1 (PacketStormID:F49248)
2006-08-27 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-1168
[点击下载]

Debian Security Advisory 1149-1 - Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1149-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 10th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ncompress
Vulnerability  : buffer underflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2006-1168

Tavis Ormandy from the Google Security Team discovered a missing
boundary check in ncompress, the original Lempel-Ziv compress and
uncompress programs, which allows a specially crafted datastream to
underflow a buffer with attacker controlled data.

For the stable distribution (sarge) this problem has been fixed in
version 4.2.4-15sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 4.2.4-15sarge2.

We recommend that you upgrade your ncompress package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2.dsc
      Size/MD5 checksum:      591 8fa14e666180e8a37491dcd33114dbff
    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2.diff.gz
      Size/MD5 checksum:     8124 1b7aa0d3079f334202df5d1c77e0f9bf
    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.orig.tar.gz
      Size/MD5 checksum:    31765 7ef0d51aee53b6cd5c6aefe637491281

  Alpha architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_alpha.deb
      Size/MD5 checksum:    24370 72b955790079338f98afd62c49644897

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_amd64.deb
      Size/MD5 checksum:    22924 58d6732c316a9317171c97e74e2cbe44

  ARM architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_arm.deb
      Size/MD5 checksum:    22522 3ec1cfdab5e4811ca5246a11b94b244d

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_i386.deb
      Size/MD5 checksum:    22158 a875189b26255c72ad2ec532c23eef05

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_ia64.deb
      Size/MD5 checksum:    26442 ef71240d1b7b4a699b5f817a46f7ead9

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_hppa.deb
      Size/MD5 checksum:    24484 51c63bab7d53aa3392e268aec4d271ab

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_m68k.deb
      Size/MD5 checksum:    21536 2cf5bbb67a3f32db857c75a2d352f47a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_mips.deb
      Size/MD5 checksum:    23878 a71db49787837da587552030045c73c1

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_mipsel.deb
      Size/MD5 checksum:    23822 22ad68863b79b4bdf5302141be22deb6

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_powerpc.deb
      Size/MD5 checksum:    22912 bafe112da108e4b66d64342b55ac4a47

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_s390.deb
      Size/MD5 checksum:    22958 a8f180c5182ab1040746e66dfa99a6e1

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_sparc.deb
      Size/MD5 checksum:    22532 db6aed643f82c6a0c0bdfded603d97be


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE2sUbW5ql+IAeqTIRAtWPAJ9uT1SODfKinzWORoDT4L+Y5o+P6ACfTdce
O16Pi4c2wgq4693Ir5wG0mU=
=hR4S
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49238)

Mandriva Linux Security Advisory 2006.140 (PacketStormID:F49238)
2006-08-27 00:00:00
Mandriva  mandriva.com
advisory
linux,mandriva
CVE-2006-1168
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-140 - Tavis Ormandy, of the Google Security Team, discovered that ncompress, when uncompressing data, performed no bounds checking, which could allow a specially crafted datastream to underflow a .bss buffer with attacker controlled data.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:140
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ncompress
 Date    : August 9, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy, of the Google Security Team, discovered that ncompress,
 when uncompressing data, performed no bounds checking, which could
 allow a specially crafted datastream to underflow a .bss buffer with
 attacker controlled data.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 a1e4fe7d74a1c8e043beb83baec7b34b  2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.i586.rpm
 4b87e1b5ba659ce410067b09a75d669e  2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 7ce7f3a618b9c3687936145e2563733a  x86_64/2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.x86_64.rpm
 4b87e1b5ba659ce410067b09a75d669e  x86_64/2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm

 Corporate 3.0:
 30ecc6154bc75783218b82961288b085  corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.i586.rpm
 bda272f060534aa25bebf22ed852f647  corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c9340a5c9bea0316f31fc61f6916f192  x86_64/corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.x86_64.rpm
 bda272f060534aa25bebf22ed852f647  x86_64/corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE2hM+mqjQ0CJFipgRAqJqAKDtkcDrEKN78rSDjBTbYYuHzLtVjACg0AMJ
GA0qOfhRJ4DDBEEktUlC7Lo=
=8eg9
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F124266)

Gentoo Linux Security Advisory 201312-02 (PacketStormID:F124266)
2013-12-04 00:00:00
Gentoo  security.gentoo.org
advisory,remote,denial of service,arbitrary,vulnerability
linux,gentoo
CVE-2006-1168,CVE-2011-2716,CVE-2013-1813
[点击下载]

Gentoo Linux Security Advisory 201312-2 - Multiple vulnerabilities have been found in BusyBox, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.21.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201312-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: BusyBox: Multiple vulnerabilities
     Date: December 03, 2013
     Bugs: #379857, #426504, #461372
       ID: 201312-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in BusyBox, allowing remote
attackers to execute arbitrary code or cause a Denial of Service
condition.

Background
==========

BusyBox is set of tools for embedded systems and is a replacement for
GNU Coreutils.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-apps/busybox             < 1.21.0                  >= 1.21.0

Description
===========

Multiple vulnerabilities have been discovered in BusyBox. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could send a specially crafted DHCP request to
possibly execute arbitrary code or cause Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BusyBox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.21.0"

References
==========

[ 1 ] CVE-2006-1168
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1168
[ 2 ] CVE-2011-2716
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2716
[ 3 ] CVE-2013-1813
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1813

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201312-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
    

- 漏洞信息

27868
ncompress decompress() Function Datastream Handling Overflow
Remote / Network Access Input Manipulation
Loss of Integrity Patch / RCS, Upgrade
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-08-10 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

NCompress Decompress Buffer Underflow Vulnerability
Boundary Condition Error 19455
Yes No
2006-08-09 12:00:00 2012-08-10 07:02:00
Tavis Ormandy discovered this vulnerability.

- 受影响的程序版本

SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 10
SGI Advanced Linux Environment 3.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 5
ncompress ncompress 4.2.4
ncompress ncompress 4.2.3
ncompress ncompress 4.2.2
ncompress ncompress 4.2.1
ncompress ncompress 4.1
ncompress ncompress 4.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 2011 x86_64
Mandriva Linux Mandrake 2011
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
BusyBox BusyBox 1.18.5
Avaya Voice Portal 5.1.2
Avaya Voice Portal 5.1.1
Avaya Voice Portal 5.1 SP1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.0 SP2
Avaya Voice Portal 5.0 SP1
Avaya Voice Portal 5.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8710 CM 3.1
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8700 CM 3.1
Avaya S8500 0
Avaya S8300 0
Avaya Proactive Contact 5.0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 2.0
Avaya Messaging Storage Server 1.0
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Avaya Integrated Management
Avaya CVLAN
Avaya Aura Presence Services 6.1.1
Avaya Aura Presence Services 6.1
Avaya Aura Presence Services 6.0
Avaya Aura Messaging 6.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Messaging 6.0
Avaya Aura Experience Portal 6.0
Avaya Aura Communication Manager 6.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Communication Manager 6.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 6.1.1
Avaya Aura Application Enablement Services 6.1
Avaya Aura Application Enablement Services 5.2.3
Avaya Aura Application Enablement Services 5.2.2
Avaya Aura Application Enablement Services 5.2
Avaya 96x1 IP Deskphone 6

- 漏洞讨论

The ncompress utility is prone to a buffer-underflow vulnerability. When ncompress decompresses data, it fails to perform appropriate bounds checking, which may allow certain decompress operations to underflow an internal buffer. This may cause unpredictable effects on vulnerable systems.

Version 4.2.4 is reportedly vulnerable to this issue; earlier versions may be affected as well.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Updates are available. Please see the references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站