CVE-2003-0107 - Unspecified vulnerability in Zlib 1.1.4
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
Exploit-Db
description: Zlib 1.1.4 Compression Library gzprintf() Buffer Overrun Vulnerability (2). CVE-2003-0107. Remote exploit for linux platform
id: EDB-ID:22274
last seen: 2016-02-02
modified: 2003-02-23
published: 2003-02-23
reporter: CrZ
source: https://www.exploit-db.com/download/22274/
title: Zlib 1.1.4 Compression Library gzprintf Buffer Overrun Vulnerability 2

description: Zlib 1.1.4 Compression Library gzprintf() Buffer Overrun Vulnerability (1). CVE-2003-0107. DoS exploit for linux platform
id: EDB-ID:22273
last seen: 2016-02-02
modified: 2003-02-23
published: 2003-02-23
reporter: Richard Kettlewell
source: https://www.exploit-db.com/download/22273/
title: Zlib 1.1.4 Compression Library gzprintf Buffer Overrun Vulnerability 1
Nessus
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2003-081.NASL
description: Updated zlib packages that fix a buffer overflow vulnerability are now available. Zlib is a general-purpose, patent-free, lossless data compression library that is used by many different programs. The function gzprintf within zlib, when called with a string longer than Z_PRINTF_BUFZISE (= 4096 bytes), can overflow without giving a warning. zlib-1.1.4 and earlier exhibit this behavior. There are no known exploits of the gzprintf overrun, and only a few programs, including rpm2html and gimp-print, are known to use the gzprintf function. The problem has been fixed by checking the length of the output string within gzprintf.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 12374
published: 2004-07-06
reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/12374
title: RHEL 2.1 : zlib (RHSA-2003:081)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2003:081. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(12374);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:10");

      script_cve_id("CVE-2003-0107");
      script_xref(name:"RHSA", value:"2003:081");

      script_name(english:"RHEL 2.1 : zlib (RHSA-2003:081)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated zlib packages that fix a buffer overflow vulnerability are now available. Zlib is a general-purpose, patent-free, lossless data compression library that is used by many different programs.
    The function gzprintf within zlib, when called with a string longer than Z_PRINTF_BUFZISE (= 4096 bytes), can overflow without giving a warning. zlib-1.1.4 and earlier exhibit this behavior. There are no known exploits of the gzprintf overrun, and only a few programs, including rpm2html and gimp-print, are known to use the gzprintf function. The problem has been fixed by checking the length of the output string within gzprintf."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:081"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected zlib and / or zlib-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:zlib-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

      script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/05/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2003:081";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"zlib-1.1.4-8.2.1AS")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"zlib-devel-1.1.4-8.2.1AS")) flag++;

      if (flag)
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zlib / zlib-devel");
      }
    }

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2003-033.NASL
description: Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14017
published: 2004-07-31
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14017
title: Mandrake Linux Security Advisory : zlib (MDKSA-2003:033)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:033.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(14017);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:46");

      script_cve_id("CVE-2003-0107");
      script_bugtraq_id(6913);
      script_xref(name:"MDKSA", value:"2003:033");

      script_name(english:"Mandrake Linux Security Advisory : zlib (MDKSA-2003:033)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mandrake Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3)."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:zlib-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:zlib1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:zlib1-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2003/03/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"zlib-1.1.3-11.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"zlib-devel-1.1.3-11.2mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"zlib1-1.1.3-16.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"zlib1-devel-1.1.3-16.2mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"zlib1-1.1.3-16.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"zlib1-devel-1.1.3-16.2mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"zlib1-1.1.3-19.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"zlib1-devel-1.1.3-19.1mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"zlib1-1.1.4-5.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"zlib1-devel-1.1.4-5.1mdk", yank:"mdk")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

References
- http://online.securityfocus.com/archive/1/312869
- http://www.iss.net/security_center/static/11381.php
- http://lists.apple.com/mhonarc/security-announce/msg00038.html
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
- http://www.redhat.com/support/errata/RHSA-2003-079.html
- http://www.redhat.com/support/errata/RHSA-2003-081.html
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
- http://www.kb.cert.org/vuls/id/142121
- http://www.securityfocus.com/bid/6913
- http://www.osvdb.org/6599
- http://marc.info/?l=bugtraq&m=104620610427210&w=2
- http://marc.info/?l=bugtraq&m=104887247624907&w=2
- http://marc.info/?l=bugtraq&m=104610536129508&w=2
- http://marc.info/?l=bugtraq&m=104610337726297&w=2
- http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html
- http://jvn.jp/en/jp/JVN78689801/index.html