CVE-2009-2624

Related Files

Gentoo Linux Security Advisory 201412-08

Posted Dec 12, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

tags | advisory, remote, local, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251

SHA-256 | a863e2eb03f0ac1937834e096aa9a52158ef6e9eb8144f3d6df45b14d4002a27

Download | Favorite | View

Ubuntu Security Notice 889-1

Posted Jan 21, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 889-1 - It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel

tags | advisory, arbitrary

systems | linux, ubuntu

advisories | CVE-2009-2624, CVE-2010-0001

SHA-256 | 2d7b396c190d62a5aab0c1e1b39b06e60d46fda949cf0f9f8483b808e93b4b85

Download | Favorite | View

Mandriva Linux Security Advisory 2010-020

Posted Jan 21, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-020 - A missing input sanitation flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially-crafted gzip compressed data archive, which once opened by a local, unsuspecting user would lead to denial of service (gzip crash) or, potentially, to arbitrary code execution with the privileges of the user running gzip. An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, local, code execution

systems | linux, mandriva

advisories | CVE-2009-2624, CVE-2010-0001

SHA-256 | 7980610906396d3404f249abea3a118e88d040bb5af629574f6c48ec40499772

Download | Favorite | View

Debian Linux Security Advisory 1974-1

Posted Jan 20, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 1974-1 - Several vulnerabilities have been found in gzip, the GNU compression utilities.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2009-2624, CVE-2010-0001

SHA-256 | e397141f9be1ae80a34d9e6ea6e578ba79705dedef10ce6d881ad43ea196457a

Download | Favorite | View