CVE-2006-1168 - OpenCVE

The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ncompress	Ncompress
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:ncompress:ncompress:4.2.4:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
ncompress-0:4.2.4-39.rhel3	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0663	2006-09-12T00:00:00Z
Red Hat Enterprise Linux 4
ncompress-0:4.2.4-43.rhel4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0663	2006-09-12T00:00:00Z
Red Hat Enterprise Linux 5
busybox-1:1.2.0-13.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2012:0308	2012-02-21T00:00:00Z
Red Hat Enterprise Linux 6
busybox-1:1.15.1-15.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2012:0810	2012-06-19T00:00:00Z

References

Link	Providers
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://bugs.gentoo.org/show_bug.cgi?id=141728
http://downloads.avaya.com/css/P8/documents/100158840
http://rhn.redhat.com/errata/RHSA-2012-0810.html
http://secunia.com/advisories/21427
http://secunia.com/advisories/21434
http://secunia.com/advisories/21437
http://secunia.com/advisories/21467
http://secunia.com/advisories/21880
http://secunia.com/advisories/22036
http://secunia.com/advisories/22296
http://secunia.com/advisories/22377
http://security.gentoo.org/glsa/glsa-200610-03.xml
http://securitytracker.com/id?1016836
http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm
http://www.debian.org/security/2006/dsa-1149
http://www.mandriva.com/security/advisories?name=MDKSA-2006:140
http://www.mandriva.com/security/advisories?name=MDVSA-2012:129
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.redhat.com/support/errata/RHSA-2006-0663.html
http://www.securityfocus.com/bid/19455
http://www.vupen.com/english/advisories/2006/3234
https://bugzilla.redhat.com/show_bug.cgi?id=728536
https://exchange.xforce.ibmcloud.com/vulnerabilities/28315
https://nvd.nist.gov/vuln/detail/CVE-2006-1168
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373
https://www.cve.org/CVERecord?id=CVE-2006-1168

History

No history.

MITRE

Status: PUBLISHED

Assigner: sgi

Published: 2006-08-14T20:00:00

Updated: 2024-08-07T17:03:28.264Z

Reserved: 2006-03-12T00:00:00

Link: CVE-2006-1168

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-08-14T20:04:00.000

Modified: 2023-11-07T01:58:32.137

Link: CVE-2006-1168

Redhat

Severity : Moderate

Publid Date: 2006-08-08T00:00:00Z

Links: CVE-2006-1168 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object