Note: This is an archival copy of Security Sun Alert 200095 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000079.1.
Category: Security
Release Phase: Resolved
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Bug Id: 6470484
Date of Workaround Release: 08-JAN-2007
Date of Resolved Release: 07-MAR-2007

Impact

Security vulnerabilities in the gzip(1) command may allow a local or remote unprivileged user to execute arbitrary code with the privileges of another user who runs the gzip(1) command, or cause a Denial of Service (DoS) condition using a specially crafted gzip archive.

These issues are also referenced in the following documents:
Sun acknowledges, with thanks, Tavis Ormandy, Google Security Team, for discovering and reporting these issues.

Contributing Factors

These issues can occur in the following releases:

SPARC Platform
x86 Platform
Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.

Workaround

There is no workaround. Please see the Resolution section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform
Modification History

Date: 17-JAN-2007
Date: 21-FEB-2007
Date: 22-FEB-2007
Date: 07-MAR-2007
References

116340-06 116341-06 120719-02 120720-02 112668-04 112669-04

Attachments

This solution has no attachment