ID CVE-2005-2096
Summary zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
References
Vulnerable Configurations
  • GNU zlib 1.2
    cpe:2.3:a:gnu:zlib:1.2.0
  • GNU zlib 1.2.1
    cpe:2.3:a:gnu:zlib:1.2.1
  • GNU zlib 1.2.2
    cpe:2.3:a:gnu:zlib:1.2.2
CVSS
Base: 7.5 (as of 07-07-2005 - 10:15)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Windows
    NASL id SAFARI_3_2.NASL
    description The version of Safari installed on the remote Windows host is earlier than 3.2. Such versions are potentially affected by several issues :
      - Safari includes a version of zlib that is affected by multiple vulnerabilities. (CVE-2005-2096)
      - A heap-based buffer overflow issue in the libxslt library could lead to a crash or arbitrary code execution. (CVE-2008-1767)
      - A signedness issue in Safari's handling of JavaScript array indices could lead to a crash or arbitrary code execution. (CVE-2008-2303)
      - A memory corruption issue in WebCore's handling of style sheet elements could lead to a crash or arbitrary code execution. (CVE-2008-2317)
      - Multiple uninitialized memory access issues in libTIFF's handling of LZW-encoded TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2327)
      - A memory corruption issue in ImageIO's handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2332)
      - A memory corruption issue in ImageIO's handling of embedded ICC profiles in JPEG images could lead to a crash or arbitrary code execution. (CVE-2008-3608)
      - A heap-based buffer overflow in CoreGraphics' handling of color spaces could lead to a crash or arbitrary code execution. (CVE-2008-3623)
      - A buffer overflow in the handling of images with an embedded ICC profile could lead to a crash or arbitrary code execution. (CVE-2008-3642)
      - Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. (CVE-2008-3644)
      - WebKit's plug-in interface does not block plug-ins from launching local URLs, which could allow a remote attacker to launch local files in Safari and lead to the disclosure of sensitive information. (CVE-2008-4216)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 34772
    published 2008-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34772
    title Safari < 3.2 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0525.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096) An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a 'man in the middle' to force an SSL connection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types can take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the way that the Python repr() function handled UTF-32/UCS-4 strings. If an application written in Python used the repr() function on untrusted data, this could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application. (CVE-2006-4980) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052) Multiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965) A stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory. (CVE-2006-1542) Users of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43838
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43838
    title RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_34567.NASL
    description s700_800 11.04 Virtualvault 4.6 OpenSSH update : A potential security vulnerability has been identified with HP-UX running Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21714
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21714
    title HP-UX PHSS_34567 : HP-UX Secure Shell Remote Denial of Service (DoS) (HPSBUX02090 SSRT051058 rev.2)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8EFE93E2EE6211D983100001020EED82.NASL
    description Problem Description An error in the handling of corrupt compressed data streams can result in a buffer being overflowed. Impact By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application. This may cause the application to halt, causing a denial of service; or it may result in the attacker gaining elevated privileges.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21472
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21472
    title FreeBSD : zlib -- buffer overflow vulnerability (8efe93e2-ee62-11d9-8310-0001020eed82)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-740.NASL
    description An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. This problem does not affect the old stable distribution (woody).
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 18632
    published 2005-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18632
    title Debian DSA-740-1 : zlib - remote denial of service
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-773.NASL
    description This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 57528
    published 2012-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57528
    title Debian DSA-773-1 : amd64 - several vulnerabilities
  • NASL family Databases
    NASL id MYSQL_4_1_13A_OR_5_0_10.NASL
    description The version of MySQL installed on the remote host is older than 4.1.13a or 5.0.10 and as such, may have been linked with zlib 1.2.2. On operating systems where the MySQL binaries are statically linked (mainly Windows and HP-UX), a remote attacker could crash the server or execute arbitrary code by triggering a buffer overflow in zlib.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17827
    published 2012-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17827
    title MySQL < 4.1.13a / 5.0.10 Zlib Library Buffer Overflow
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2005-007.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirrelMail - traceroute - WebKit - WebLog Server - X11 - zlib
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 19463
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19463
    title Mac OS X Multiple Vulnerabilities (Security Update 2005-007)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_119209.NASL
    description NSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/11/17
    last seen 2018-09-01
    modified 2017-11-13
    plugin id 23414
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23414
    title Solaris 8 (sparc) : 119209-36
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_34566.NASL
    description s700_800 11.04 Virtualvault 4.7 OpenSSH update : A potential security vulnerability has been identified with HP-UX running Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21713
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21713
    title HP-UX PHSS_34566 : HP-UX Secure Shell Remote Denial of Service (DoS) (HPSBUX02090 SSRT051058 rev.2)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_119212.NASL
    description NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17
    last seen 2018-09-01
    modified 2017-11-10
    plugin id 19844
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19844
    title Solaris 9 (x86) : 119212-36
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_119211.NASL
    description NSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17
    last seen 2018-09-01
    modified 2017-11-10
    plugin id 19842
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19842
    title Solaris 9 (sparc) : 119211-36
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0264.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43836
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43836
    title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0629.NASL
    description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function's handling of UTF-32/UCS-4 strings. If an application used the repr() function on untrusted data, this could lead to a denial of service or, possibly, allow the execution of arbitrary code with the privileges of the application using the flawed function. (CVE-2006-4980) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This could, potentially, cause disclosure of data stored in the memory of an application using this function. (CVE-2007-2052) Multiple integer overflow flaws were discovered in Python's imageop module. If an application used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or, possibly, execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965) A stack-based buffer overflow was discovered in the Python interpreter, which could allow a local user to gain privileges by running a script with a long name from the current working directory. (CVE-2006-1542) Users of Red Hat Network Satellite Server should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43839
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43839
    title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-569.NASL
    description Updated Zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library which is used by many different programs. Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2 and above. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file which would cause a web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2096 to this issue. Please note that the versions of Zlib as shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these erratum packages which contain a patch from Mark Adler which corrects this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21947
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21947
    title CentOS 4 : zlib (CESA-2005:569)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2005-189-01.NASL
    description New zlib packages are available for Slackware 10.0, 10.1, and -current to fix a denial of service security issue. zlib 1.1.x is not affected.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 18799
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18799
    title Slackware 10.0 / 10.1 / current : zlib DoS (SSA:2005-189-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_10292.NASL
    description perl-Compress-Zlib included a copy of zlib which is vulnerable to a denial of service attack tracked by the Mitre CVE CVE-2005-2096. This update removed the use of the internal copy and now uses the external version of zlib.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41077
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41077
    title SuSE9 Security Update : perl-Compress-Zlib (YOU Patch Number 10292)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2005_039.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2005:039 (zlib). A denial of service condition was fixed in the zlib library. Any program using zlib to decompress data can be crashed by a specially handcrafted invalid data stream. This includes web browsers or email programs able to view PNG images (which are compressed by zlib), allowing remote attackers to crash browser sessions or potentially anti virus programs using this vulnerability. This issue is tracked by the Mitre CVE ID CVE-2005-2096. Since only zlib 1.2.x is affected, older SUSE products are not affected by this problem.
    last seen 2019-02-21
    modified 2010-10-06
    plugin id 19248
    published 2005-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19248
    title SUSE-SA:2005:039: zlib
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-05 (zlib: Buffer overflow) Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed deflate data stream to overrun a buffer. Impact : An attacker could construct a malformed data stream, embedding it within network communication or an application file format, potentially resulting in the execution of arbitrary code when decoded by the application using the zlib library. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 18634
    published 2005-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18634
    title GLSA-200507-05 : zlib: Buffer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-148-1.NASL
    description Tavis Ormandy discovered that zlib did not properly verify data streams. Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash. Specially crafted input might even have allowed arbitrary code execution. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20543
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20543
    title Ubuntu 4.10 / 5.04 : zlib vulnerability (USN-148-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-797.NASL
    description zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package. There was a build error for the sarge i386 proftpd packages released in DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to correct this error. The packages for other architectures are unaffected.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19567
    published 2005-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19567
    title Debian DSA-797-2 : zsync - denial of service
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1026.NASL
    description Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. A further error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. sash, the stand-alone shell, links statically against zlib, and was thus affected by these problems.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22568
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22568
    title Debian DSA-1026-1 : sash - buffer overflows
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-151-3.NASL
    description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues. The updated packages have been rebuilt against the fixed zlib. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-27
    plugin id 20551
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20551
    title Ubuntu 4.10 / 5.04 / 5.10 : aide vulnerabilities (USN-151-3)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-151-2.NASL
    description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Most applications use the shared library provided by the 'zlib1g' package; however, some packages contain copies of the affected zlib code, so they need to be upgraded as well. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20550
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20550
    title Ubuntu 4.10 / 5.04 : dpkg, ia32-libs, amd64-libs vulnerabilities (USN-151-2)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200508-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200508-01 (Compress::Zlib: Buffer overflow) Compress::Zlib 1.34 contains a local vulnerable version of zlib, which may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Compress::Zlib, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 19361
    published 2005-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19361
    title GLSA-200508-01 : Compress::Zlib: Buffer overflow
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-28.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-28 (AMD64 x86 emulation base libraries: Buffer overflow) Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use the x86 emulation base libraries for AMD64, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 19330
    published 2005-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19330
    title GLSA-200507-28 : AMD64 x86 emulation base libraries: Buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_10347.NASL
    description The previous zlib update for CVE-2005-2096 fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. This security update fixes this problem. This issue is tracked by the Mitre CVE ID CVE-2005-1849.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41078
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41078
    title SuSE9 Security Update : zlib (YOU Patch Number 10347)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-151-4.NASL
    description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packages have been rebuilt against the fixed zlib. Please note that lsb-rpm is not officially supported (it is in the 'universe' component of the archive). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20552
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20552
    title Ubuntu 4.10 / 5.04 / 5.10 : rpm vulnerability (USN-151-4)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-569.NASL
    description Updated Zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library which is used by many different programs. Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2 and above. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file which would cause a web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2096 to this issue. Please note that the versions of Zlib as shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these erratum packages which contain a patch from Mark Adler which corrects this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18635
    published 2005-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18635
    title RHEL 4 : zlib (RHSA-2005:569)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200509-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-200509-18 (Qt: Buffer overflow in the included zlib library) Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Qt, resulting in a Denial of Service or potentially arbitrary code execution. Workaround : Emerge Qt with the zlib USE-flag enabled.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 19817
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19817
    title GLSA-200509-18 : Qt: Buffer overflow in the included zlib library
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-196.NASL
    description The perl Compress::Zlib module contains an internal copy of the zlib library that was vulnerable to CVE-2005-1849 and CVE-2005-2096. This library was updated with version 1.35 of Compress::Zlib. An updated perl-Compress-Zlib package is now available to provide the fixed module.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20124
    published 2005-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20124
    title Mandrake Linux Security Advisory : perl-Compress-Zlib (MDKSA-2005:196)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-070.NASL
    description Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, causing the linked application to dump core (CVE-2005-2096). Markus Oberhumer discovered additional ways that a specially crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user (CVE-2005-1849). Both of these issues have previously been fixed in zlib, but sash links statically against zlib and is thus also affected by these issues. New sash packages are available that link against the updated zlib packages.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21207
    published 2006-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21207
    title Mandrake Linux Security Advisory : sash (MDKSA-2006:070)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-151-1.NASL
    description USN-148-1 fixed an improper input verification of zlib (CAN-2005-2096). Markus Oberhumer discovered additional ways a disrupted stream could trigger a buffer overflow and crash the application using zlib, so another update is necessary. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20549
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20549
    title Ubuntu 4.10 / 5.04 : zlib vulnerability (USN-151-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-112.NASL
    description Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, causing the linked application to dump core. The updated packages have been patched to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18649
    published 2005-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18649
    title Mandrake Linux Security Advisory : zlib (MDKSA-2005:112)
oval via4
  • accepted 2013-04-29T04:14:27.080-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
    family unix
    id oval:org.mitre.oval:def:11500
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
    version 22
  • accepted 2006-02-22T08:27:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
    family unix
    id oval:org.mitre.oval:def:1262
    status accepted
    submitted 2006-01-11T12:55:00.000-04:00
    title zlib Compression Remote DoS Vulnerability (B.11.23)
    version 31
  • accepted 2006-02-22T08:27:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
    family unix
    id oval:org.mitre.oval:def:1542
    status accepted
    submitted 2006-01-11T12:55:00.000-04:00
    title zlib Compression Remote DoS Vulnerability (B.11.00/B.11.11)
    version 32
redhat via4
advisories
  • rhsa
    id RHSA-2005:569
  • rhsa
    id RHSA-2008:0629
refmap via4
apple
  • APPLE-SA-2005-08-15
  • APPLE-SA-2005-08-17
  • APPLE-SA-2008-11-13
bid 14162
bugtraq
  • 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
  • 20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
  • 20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
  • 20071020 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
  • 20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
  • 20071029 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
  • 20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
cert-vn VU#680620
confirm
debian
  • DSA-1026
  • DSA-740
  • DSA-797
fedora FLSA:162680
freebsd FreeBSD-SA-05:16.zlib
gentoo
  • GLSA-200507-05
  • GLSA-200509-18
hp
  • HPSBUX02090
  • SSRT051058
mandrake MDKSA-2005:112
mandriva
  • MDKSA-2005:196
  • MDKSA-2006:070
misc https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
sco SCOSA-2006.6
sectrack 1014398
secunia
  • 15949
  • 17054
  • 17225
  • 17236
  • 17326
  • 17516
  • 18377
  • 18406
  • 18507
  • 19550
  • 19597
  • 24788
  • 31492
  • 32706
sunalert 101989
suse SUSE-SA:2005:039
ubuntu
  • USN-148-1
  • USN-151-3
vupen
  • ADV-2005-0978
  • ADV-2006-0144
  • ADV-2007-1267
xf hpux-secure-shell-dos(24064)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 30-10-2012 - 21:48
Published 06-07-2005 - 00:00
Last modified 19-10-2018 - 11:32