Vulnerability Note VU#554780
gzip contains a buffer underflow
The gzip program contains a buffer underflow vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition.
The gzip program is used to compress and decompress archived files.
A buffer underflow vulnerability exists in gzip. An attacker may be able to exploit this vulnerability by convincing a user to open a specially crafted gzip file.
A remote, unauthenticated attacker may be able to execute arbitrary code, or create a denial-of-service condition.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||08 Sep 2006||05 Dec 2006|
|Debian GNU/Linux||Affected||-||04 Oct 2006|
|FreeBSD, Inc.||Affected||08 Sep 2006||29 Sep 2006|
|Openwall GNU/*/Linux||Affected||08 Sep 2006||20 Sep 2006|
|Red Hat, Inc.||Affected||08 Sep 2006||20 Sep 2006|
|Slackware Linux Inc.||Affected||08 Sep 2006||25 Sep 2006|
|Ubuntu||Affected||08 Sep 2006||22 Sep 2006|
|Computer Associates||Not Affected||08 Sep 2006||27 Jul 2007|
|Force10 Networks, Inc.||Not Affected||08 Sep 2006||22 Jul 2011|
|Global Technology Associates||Not Affected||08 Sep 2006||18 Sep 2006|
|Hitachi||Not Affected||08 Sep 2006||20 Sep 2006|
|Intoto||Not Affected||08 Sep 2006||20 Sep 2006|
|3com, Inc.||Unknown||08 Sep 2006||08 Sep 2006|
|Aladdin Knowledge Systems||Unknown||08 Sep 2006||08 Sep 2006|
|Alcatel||Unknown||08 Sep 2006||08 Sep 2006|
CVSS Metrics (Learn More)
Thanks to Tavis Ormandy, Google Security Team for reporting this issue.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-4336
- Date Public: 19 Jun 2006
- Date First Published: 19 Sep 2006
- Date Last Updated: 22 Jul 2011
- Severity Metric: 1.57
- Document Revision: 37
If you have feedback, comments, or additional information about this vulnerability, please send us email.