ID CVE-2005-1849
Summary inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
References
Vulnerable Configurations
  • GNU zlib 1.2.2
    cpe:2.3:a:gnu:zlib:1.2.2
CVSS
Base: 5.0 (as of 27-07-2005 - 16:25)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-584.NASL
    description Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library that is used by many different programs. A previous zlib update, RHSA-2005:569 (CVE-2005-2096) fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file that would cause a Web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-1849 to this issue. Note that the versions of zlib shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these errata packages that contain a patch from Mark Adler that corrects this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19284
    published 2005-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19284
    title RHEL 4 : zlib (RHSA-2005:584)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0525.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib was discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a 'man in the middle' to force an SSL connection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types can take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the way that the Python repr() function handled UTF-32/UCS-4 strings. If an application written in Python used the repr() function on untrusted data, this could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application. (CVE-2006-4980) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052) Multiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965) A stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory. (CVE-2006-1542) Users of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43838
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43838
    title RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-773.NASL
    description This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 57528
    published 2012-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57528
    title Debian DSA-773-1 : amd64 - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-19 (zlib: Buffer overflow) zlib improperly handles invalid data streams which could lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use zlib, resulting in arbitrary code execution or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 19281
    published 2005-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19281
    title GLSA-200507-19 : zlib: Buffer overflow
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_837B9FB2059511DA86BC000E0C2E438A.NASL
    description Problem description A fixed-size buffer is used in the decompression of data streams. Due to erronous analysis performed when zlib was written, this buffer, which was belived to be sufficiently large to handle any possible input stream, is in fact too small. Impact A carefully constructed compressed data stream can result in zlib overwriting some data structures. This may cause applications to halt, resulting in a denial of service; or it may result in an attacker gaining elevated privileges.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21460
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21460
    title FreeBSD : zlib -- buffer overflow vulnerability (837b9fb2-0595-11da-86bc-000e0c2e438a)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-124.NASL
    description A previous zlib update (MDKSA-2005:112; CVE-2005-2096) fixed an overflow flaw in the zlib program. While that update did indeed fix the reported overflow issue, Markus Oberhumber discovered additional ways that a specially crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user. The updated packages are provided to protect against this flaw. The Corporate Server 2.1 product is not affected by this vulnerability.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19885
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19885
    title Mandrake Linux Security Advisory : zlib (MDKSA-2005:124)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2005-007.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 19463
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19463
    title Mac OS X Multiple Vulnerabilities (Security Update 2005-007)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200603-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-200603-18 (Pngcrush: Buffer overflow) Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib (GLSA 200507-19). Impact : By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 21125
    published 2006-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21125
    title GLSA-200603-18 : Pngcrush: Buffer overflow
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-584.NASL
    description Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library that is used by many different programs. A previous zlib update, RHSA-2005:569 (CVE-2005-2096) fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file that would cause a Web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-1849 to this issue. Note that the versions of zlib shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these errata packages that contain a patch from Mark Adler that corrects this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21948
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21948
    title CentOS 4 : zlib (CESA-2005:584)
  • NASL family Databases
    NASL id MYSQL_4_1_13A_OR_5_0_11.NASL
    description The version of MySQL installed on the remote host is older than 4.1.13a or 5.0.11 and as such, may have been linked with zlib 1.2.2. On operating systems where the MySQL binaries are statically linked (mainly Windows and HP-UX), a remote attacker could crash the server by triggering a buffer overflow in zlib.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17828
    published 2012-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17828
    title MySQL < 4.1.13a / 5.0.11 Zlib Library Buffer Overflow
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-763.NASL
    description Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. This problem does not affect the old stable distribution (woody).
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19257
    published 2005-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19257
    title Debian DSA-763-1 : zlib - remote DoS
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0264.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43836
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43836
    title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0629.NASL
    description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function's handling of UTF-32/UCS-4 strings. If an application used the repr() function on untrusted data, this could lead to a denial of service or, possibly, allow the execution of arbitrary code with the privileges of the application using the flawed function. (CVE-2006-4980) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This could, potentially, cause disclosure of data stored in the memory of an application using this function. (CVE-2007-2052) Multiple integer overflow flaws were discovered in Python's imageop module. If an application used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or, possibly, execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965) A stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory. (CVE-2006-1542) Users of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43839
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43839
    title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-797.NASL
    description zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package. There was a build error for the sarge i386 proftpd packages released in DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to correct this error. The packages for other architectures are unaffected.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19567
    published 2005-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19567
    title Debian DSA-797-2 : zsync - denial of service
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1026.NASL
    description Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. A further error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. sash, the stand-alone shell, links statically against zlib, and was thus affected by these problems.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22568
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22568
    title Debian DSA-1026-1 : sash - buffer overflows
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-151-3.NASL
    description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues. The updated packagages have been rebuilt against the fixed zlib. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-27
    plugin id 20551
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20551
    title Ubuntu 4.10 / 5.04 / 5.10 : aide vulnerabilities (USN-151-3)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-151-2.NASL
    description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Most applications use the shared library provided by the 'zlib1g' package; however, some packages contain copies of the affected zlib code, so they need to be upgraded as well. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20550
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20550
    title Ubuntu 4.10 / 5.04 : dpkg, ia32-libs, amd64-libs vulnerabilities (USN-151-2)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200508-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200508-01 (Compress::Zlib: Buffer overflow) Compress::Zlib 1.34 contains a local vulnerable version of zlib, which may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Compress::Zlib, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 19361
    published 2005-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19361
    title GLSA-200508-01 : Compress::Zlib: Buffer overflow
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-28.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-28 (AMD64 x86 emulation base libraries: Buffer overflow) Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use the x86 emulation base libraries for AMD64, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 19330
    published 2005-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19330
    title GLSA-200507-28 : AMD64 x86 emulation base libraries: Buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_10347.NASL
    description The previous zlib update for CVE-2005-2096 fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. This security update fixes this problem. This issue is tracked by the Mitre CVE ID CVE-2005-1849.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41078
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41078
    title SuSE9 Security Update : zlib (YOU Patch Number 10347)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-151-4.NASL
    description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packagages have been rebuilt against the fixed zlib. Please note that lsb-rpm is not officially supported (it is in the 'universe' component of the archive). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20552
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20552
    title Ubuntu 4.10 / 5.04 / 5.10 : rpm vulnerability (USN-151-4)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200509-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-200509-18 (Qt: Buffer overflow in the included zlib library) Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Qt, resulting in a Denial of Service or potentially arbitrary code execution. Workaround : Emerge Qt with the zlib USE-flag enabled.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 19817
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19817
    title GLSA-200509-18 : Qt: Buffer overflow in the included zlib library
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-196.NASL
    description The perl Compress::Zlib module contains an internal copy of the zlib library that was vulnerable to CVE-2005-1849 and CVE-2005-2096. This library was updated with version 1.35 of Compress::Zlib. An updated perl-Compress-Zlib package is now available to provide the fixed module.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20124
    published 2005-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20124
    title Mandrake Linux Security Advisory : perl-Compress-Zlib (MDKSA-2005:196)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-070.NASL
    description Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core (CVE-2005-2096). Markus Oberhumber discovered additional ways that a specially crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user (CVE-2005-1849). Both of these issues have previously been fixed in zlib, but sash links statically against zlib and is thus also affected by these issues. New sash packages are available that link against the updated zlib packages.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21207
    published 2006-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21207
    title Mandrake Linux Security Advisory : sash (MDKSA-2006:070)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-151-1.NASL
    description USN-148-1 fixed an improver input verification of zlib (CAN-2005-2096). Markus Oberhumer discovered additional ways a disrupted stream could trigger a buffer overflow and crash the application using zlib, so another update is necessary. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20549
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20549
    title Ubuntu 4.10 / 5.04 : zlib vulnerability (USN-151-1)
oval via4
accepted 2013-04-29T04:13:49.717-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
family unix
id oval:org.mitre.oval:def:11402
status accepted
submitted 2010-07-09T03:56:16-04:00
title inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
version 22
redhat via4
advisories
  • rhsa
    id RHSA-2005:584
  • rhsa
    id RHSA-2008:0629
refmap via4
apple
  • APPLE-SA-2005-08-15
  • APPLE-SA-2005-08-17
bid 14340
bugtraq 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
confirm
debian
  • DSA-1026
  • DSA-763
  • DSA-797
fedora FLSA:162680
gentoo
  • GLSA-200509-18
  • GLSA-200603-18
mandriva
  • MDKSA-2005:196
  • MDKSA-2006:070
misc http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
osvdb 18141
sco SCOSA-2006.6
sectrack 1014540
secunia
  • 16137
  • 17326
  • 17516
  • 18377
  • 19334
  • 19550
  • 19597
  • 24788
  • 31492
suse SUSE-SA:2005:043
ubuntu USN-151-3
vupen ADV-2007-1267
xf zlib-codetable-dos(21456)
Last major update 07-03-2011 - 21:22
Published 26-07-2005 - 00:00
Last modified 19-10-2018 - 11:31
Back to Top