HTTP: gzip LZH Decompression Stack Corruption

This signature detects attempts to exploit a known vulnerability in gzip's handling of the LZH file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Extended Description

The gzip utility is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities when handling malicious archive files. Successful exploits may allow a remote attacker to corrupt process memory by triggering an overflow condition. This may lead to arbitrary code execution in the context of an affected user and may facilitate a remote compromise. Attackers may also trigger denial-of-service conditions by crashing or hanging the application. Specific information regarding affected versions of gzip is currently unavailable. This BID will be updated as more information is released.

Affected Products

Avaya s8700, Freebsd freebsd

References

BugTraq: 20101

CVE: CVE-2006-4335

Short Name
HTTP:STC:DL:GZIP-LHZ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-4335 Corruption Decompression LZH Stack bid:20101 gzip
Release Date
10/04/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3339
False Positive
Unknown
Vendors

Red_hat

Trustix

Suse

Apple

Gentoo

Gnu

Sun

Hp

Ubuntu

Turbolinux

Avaya

Ipcop

Sgi

Slackware

Rpath

Freebsd

Openpkg

Mandriva

Debian

Vmware

CVSS Score

7.5
