CVE Vulnerabilities

CVE-2006-1168

Published: Aug 14, 2006 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
5.1 MODERATE
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
UNTRIAGED

The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

Affected Software

Name Vendor Start Version End Version
Ncompress Ncompress 4.2.4 (including) 4.2.4 (including)
Red Hat Enterprise Linux 3 RedHat ncompress-0:4.2.4-39.rhel3 *
Red Hat Enterprise Linux 4 RedHat ncompress-0:4.2.4-43.rhel4 *
Red Hat Enterprise Linux 5 RedHat busybox-1:1.2.0-13.el5 *
Red Hat Enterprise Linux 6 RedHat busybox-1:1.15.1-15.el6 *
Ncompress Ubuntu dapper *
Ncompress Ubuntu devel *
Ncompress Ubuntu edgy *
Ncompress Ubuntu feisty *
Ncompress Ubuntu gutsy *
Ncompress Ubuntu hardy *
Ncompress Ubuntu intrepid *
Ncompress Ubuntu jaunty *

References