FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
63bd4bad-dffe-11d9-b875-0001020eed82gzip -- directory traversal and permission race vulnerabilities

Problem Description

Two problems related to extraction of files exist in gzip:

The first problem is that gzip does not properly sanitize filenames containing "/" when uncompressing files using the -N command line option.

The second problem is that gzip does not set permissions on newly extracted files until after the file has been created and the file descriptor has been closed.

Impact

The first problem can allow an attacker to overwrite arbitrary local files when uncompressing a file using the -N command line option.

The second problem can allow a local attacker to change the permissions of arbitrary local files, on the same partition as the one the user is uncompressing a file on, by removing the file the user is uncompressing and replacing it with a hardlink before the uncompress operation is finished.

Workaround

Do not use the -N command line option on untrusted files and do not uncompress files in directories where untrusted users have write access.


Discovery 2005-04-20
Entry 2005-06-18
Modified 2005-07-06
FreeBSD
ge 5.4 lt 5.4_2

ge 5.0 lt 5.3_16

ge 4.11 lt 4.11_10

ge 4.10 lt 4.10_15

ge 4.9 lt 4.9_18

lt 4.8_33

gzip
lt 1.3.5_2

CVE-2005-0988
CVE-2005-1228
SA-05:11.gzip
http://marc.theaimsgroup.com/?l=bugtraq&m=111271860708210
http://marc.theaimsgroup.com/?l=bugtraq&m=111402732406477
b019585a-bfea-11ec-b46c-b42e991fc52ezgrep -- arbitrary file write

RedHat reports:

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.


Discovery 2022-04-07
Entry 2022-04-19
gzip
lt 1.12

CVE-2022-1271
https://bugzilla.redhat.com/show_bug.cgi?id=2073310
11a84092-8f9f-11db-ab33-000e0c2e438agzip -- multiple vulnerabilities

Problem Description

Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop.

Impact

The insufficient bounds checks in buffer use can cause gzip to crash, and may permit the execution of arbitrary code. The NULL pointer deference can cause gzip to crash. The infinite loop can cause a Denial-of-Service situation where gzip uses all available CPU time.

Workaround

No workaround is available.


Discovery 2006-09-19
Entry 2006-12-19
Modified 2016-08-09
FreeBSD
ge 6.1 lt 6.1_7

ge 6.0 lt 6.0_12

ge 5.5 lt 5.5_5

ge 5.4 lt 5.4_19

ge 5.3 lt 5.3_34

lt 4.11_22

gzip
lt 1.3.12

CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
SA-06:21.gzip