Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200410-08] ncompress: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary
ncompress: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200410-08
(ncompress: Buffer overflow)
compress and uncompress do not properly check bounds on command-line
options, including the filename. Large parameters would trigger a buffer
By supplying a carefully crafted filename or other option, an attacker
could execute arbitrary code on the system. A local attacker could only
execute code with their own privileges, but since compress and uncompress are
called by various daemon programs, this might also allow a remote attacker
to execute code with the privileges of the daemon making use of ncompress.
There is no known workaround at this time.
All ncompress users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-arch/ncompress-4.2.4-r1"
# emerge ">=app-arch/ncompress-4.2.4-r1"
Threat Level: Medium