CVE-2006-1168 – ncompress: .bss buffer underflow in decompression
https://notcve.org/view.php?id=CVE-2006-1168
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. La función decompress en compress42.c en (1) ncompress 4.2.4 y (2) liblzw permite a atacantes remotos provocar una denegación de servicio (caída), y posiblemente ejecutar código de su elección, mediante datos manipulados que llevan a un desbordamiento inferior de búfer. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=141728 http://downloads.avaya.com/css/P8/documents/100158840 http://rhn.redhat.com/errata/RHSA-2012-0810.html http://secunia.com/advisories/21427 http://secunia.com/advisories/21434 http://secunia.com/advisories/21437 http://secunia.com/advisories/21467 http://secunia.com/advisories/21880 http://secunia.com/advisories/22036 http://secunia.com/advisories/22296 •
CVE-2005-2991
https://notcve.org/view.php?id=CVE-2005-2991
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970. • http://marc.info/?l=bugtraq&m=112689772732098&w=2 http://marc.info/?l=full-disclosure&m=112688098630314&w=2 http://securityreason.com/securityalert/12 http://www.zataz.net/adviso/ncompress-09052005.txt •
CVE-2001-1413
https://notcve.org/view.php?id=CVE-2001-1413
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument. Desbordamiento de búfer basado en la pila en la función comprexx de ncompress 4.2.4 y anteriores, cuando se utiliza en situaciones que cruzan límites de seguridad (como servidores FTP), puede permitir a atacantes remotos ejecutar código de su elección mediante un argumento de nombre de fichero largo. • http://seclists.org/lists/vuln-dev/2001/Nov/0202.html http://security.gentoo.org/glsa/glsa-200410-08.xml http://www.kb.cert.org/vuls/id/176363 http://www.redhat.com/support/errata/RHSA-2004-536.html https://exchange.xforce.ibmcloud.com/vulnerabilities/10619 https://access.redhat.com/security/cve/CVE-2001-1413 https://bugzilla.redhat.com/show_bug.cgi?id=1616707 •