Note: This is an archival copy of Security Sun Alert 200095 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000079.1.
Article ID : 1000079.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-03-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Multiple Security Vulnerabilities in the gzip(1) Command May Lead to Denial of Service (DoS) or Execution of Arbitrary Code



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6470484

Date of Workaround Release
08-JAN-2007

Date of Resolved Release
07-MAR-2007

Impact

Security vulnerabilities in the gzip(1) command may allow a local or remote unprivileged user to execute arbitrary code with the privileges of another user who runs the gzip(1) command, or cause a Denial of Service (DoS) condition using a specially crafted gzip archive.

These issues are also referenced in the following documents:

Sun acknowledges with thanks, Tavis Ormandy, Google Security Team, for discovering and reporting these issues.


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 112668-04
  • Solaris 9 without patch 116340-06
  • Solaris 10 without patch 120719-02

x86 Platform

  • Solaris 8 without patch 112669-04
  • Solaris 9 without patch 116341-06
  • Solaris 10 without patch 120720-02

Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


Workaround

There is no workaround. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 112668-04 or later
  • Solaris 9 with patch 116340-06 or later
  • Solaris 10 with patch 120719-02 or later

x86 Platform

  • Solaris 8 with patch 112669-04 or later
  • Solaris 9 with patch 116341-06 or later
  • Solaris 10 with patch 120720-02 or later
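
One way to check a host against the list above, as an added example that is not part of the original alert or any Sun tool: it reads `showrev -p` output and reports whether the minimum patch revision for the given release and platform is installed. The function names, the sample patch lines and the treatment of an `Obsoletes:` entry as equivalent to the fix are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Sun's tooling. Minimum patch revisions come from the
# Resolution section; the `showrev -p` line layout is as printed on Solaris 8-10.

# required_patch RELEASE ARCH: RELEASE is `uname -r`, ARCH is `uname -p`.
required_patch() {
    case "$1/$2" in
        5.8/sparc)  echo 112668-04 ;;
        5.9/sparc)  echo 116340-06 ;;
        5.10/sparc) echo 120719-02 ;;
        5.8/i386)   echo 112669-04 ;;
        5.9/i386)   echo 116341-06 ;;
        5.10/i386)  echo 120720-02 ;;
        *) return 1 ;;
    esac
}

# gzip_alert_status RELEASE ARCH < showrev-output
# Prints fixed, vulnerable, or not-applicable (release not listed in the alert).
gzip_alert_status() {
    need=$(required_patch "$1" "$2") || { echo not-applicable; return 0; }
    awk -v base="${need%-*}" -v minrev="${need#*-}" '
        # A patch id satisfies the alert if base matches and revision >= minimum.
        function check(p) {
            sub(/,$/, "", p)
            if (split(p, id, "-") == 2 && id[1] == base && id[2] + 0 >= minrev + 0)
                found = 1
        }
        $1 == "Patch:" {
            check($2)
            # Ids between "Obsoletes:" and "Requires:" are superseded by this
            # installed patch, so a later accumulating patch also counts.
            for (i = 4; i <= NF && $i != "Requires:"; i++) check($i)
        }
        END { print (found ? "fixed" : "vulnerable") }'
}

# Constructed sample of `showrev -p` output (package names are placeholders).
sample='Patch: 116340-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 999999-01 Obsoletes: 120719-02, 888888-03 Requires:  Incompatibles:  Packages: SUNWexample'

printf '%s\n' "$sample" | gzip_alert_status 5.9 sparc    # 116340-05 is too old
printf '%s\n' "$sample" | gzip_alert_status 5.10 sparc   # covered via Obsoletes
# On a live host: showrev -p | gzip_alert_status "$(uname -r)" "$(uname -p)"
```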


Modification History
Date: 17-JAN-2007
  • Updated Contributing Factors and Resolution section

Date: 21-FEB-2007
  • Updated Relief/Workaround section

Date: 22-FEB-2007
  • Updated Relief/Workaround section

Date: 07-MAR-2007
  • State: Resolved
  • Updated Contributing Factors, Relief/Workaround, and Resolution sections.


References

116340-06
116341-06
120719-02
120720-02
112668-04
112669-04



