CVE-2006-1168 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-1168
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1168

Description: The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28315 SUSE http://www.novell.com/linux/security/advisories/2006_20_sr.html ST 1016836 SGI SAID Secunia Advisory: SA22036 Secunia Advisory: SA21437 Secunia Advisory: SA21880 Secunia Advisory: SA21427 Secunia Advisory: SA21434 Secunia Advisory: SA22296 Secunia Advisory: SA22377 Secunia Advisory: SA21467 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0663.html MISC http://bugs.gentoo.org/show_bug.cgi?id=141728 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:140 GENTOO http://security.gentoo.org/glsa/glsa-200610-03.xml DEBIAN http://www.debian.org/security/2006/dsa-1149 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm BID 19455

Return to the previous page.