The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ncompress | Ncompress | 4.2.4 (including) | 4.2.4 (including) |
Red Hat Enterprise Linux 3 | RedHat | ncompress-0:4.2.4-39.rhel3 | * |
Red Hat Enterprise Linux 4 | RedHat | ncompress-0:4.2.4-43.rhel4 | * |
Red Hat Enterprise Linux 5 | RedHat | busybox-1:1.2.0-13.el5 | * |
Red Hat Enterprise Linux 6 | RedHat | busybox-1:1.15.1-15.el6 | * |
Ncompress | Ubuntu | dapper | * |
Ncompress | Ubuntu | devel | * |
Ncompress | Ubuntu | edgy | * |
Ncompress | Ubuntu | feisty | * |
Ncompress | Ubuntu | gutsy | * |
Ncompress | Ubuntu | hardy | * |
Ncompress | Ubuntu | intrepid | * |
Ncompress | Ubuntu | jaunty | * |