Vulnerabilities > CVE-2005-1849 - Unspecified vulnerability in Zlib 1.2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-18.NASL description The remote host is affected by the vulnerability described in GLSA-200509-18 (Qt: Buffer overflow in the included zlib library) Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Qt, resulting in a Denial of Service or potentially arbitrary code execution. Workaround : Emerge Qt with the zlib USE-flag enabled. last seen 2020-06-01 modified 2020-06-02 plugin id 19817 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19817 title GLSA-200509-18 : Qt: Buffer overflow in the included zlib library code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200509-18. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(19817); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-1849", "CVE-2005-2096"); script_xref(name:"GLSA", value:"200509-18"); script_name(english:"GLSA-200509-18 : Qt: Buffer overflow in the included zlib library"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200509-18 (Qt: Buffer overflow in the included zlib library) Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Qt, resulting in a Denial of Service or potentially arbitrary code execution. Workaround : Emerge Qt with the zlib USE-flag enabled." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200507-05" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200507-19" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200509-18" ); script_set_attribute( attribute:"solution", value: "All Qt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-libs/qt-3.3.4-r8'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:qt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"x11-libs/qt", unaffected:make_list("ge 3.3.4-r8"), vulnerable:make_list("lt 3.3.4-r8"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Qt"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200507-19.NASL description The remote host is affected by the vulnerability described in GLSA-200507-19 (zlib: Buffer overflow) zlib improperly handles invalid data streams which could lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use zlib, resulting in arbitrary code execution or a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19281 published 2005-07-22 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19281 title GLSA-200507-19 : zlib: Buffer overflow NASL family Fedora Local Security Checks NASL id FEDORA_2009-10262.NASL description deltarpm prior to the current build ships with a bundled copy of zlib. This version of zlib has a known vulnerability with CVE identifier: CVE-2005-1849 This build of deltarpm patches the program to use the system zlib (which was fixed when the vulnerability was first discovered) instead of the bundled copy. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42122 published 2009-10-15 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42122 title Fedora 11 : deltarpm-3.4-18.fc11 (2009-10262) NASL family Fedora Local Security Checks NASL id FEDORA_2005-625.NASL description - Fri Jul 22 2005 Ivana Varekova <varekova at redhat.com> 1.2.1.2-3.fc3 - fix bug 163038 - CVE-2005-1849 - zlib overflow problem Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19293 published 2005-07-24 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19293 title Fedora Core 3 : zlib-1.2.1.2-3.fc3 (2005-625) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-773.NASL description This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well. last seen 2020-06-01 modified 2020-06-02 plugin id 57528 published 2012-01-12 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57528 title Debian DSA-773-1 : amd64 - several vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-007.NASL description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib last seen 2020-06-01 modified 2020-06-02 plugin id 19463 published 2005-08-18 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19463 title Mac OS X Multiple Vulnerabilities (Security Update 2005-007) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-070.NASL description Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core (CVE-2005-2096). Markus Oberhumber discovered additional ways that a specially crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user (CVE-2005-1849). Both of these issues have previously been fixed in zlib, but sash links statically against zlib and is thus also affected by these issues. New sash packages are available that link against the updated zlib packages. last seen 2020-06-01 modified 2020-06-02 plugin id 21207 published 2006-04-11 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21207 title Mandrake Linux Security Advisory : sash (MDKSA-2006:070) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0264.NASL description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43836 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43836 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_837B9FB2059511DA86BC000E0C2E438A.NASL description Problem description A fixed-size buffer is used in the decompression of data streams. Due to erronous analysis performed when zlib was written, this buffer, which was belived to be sufficiently large to handle any possible input stream, is in fact too small. Impact A carefully constructed compressed data stream can result in zlib overwriting some data structures. This may cause applications to halt, resulting in a denial of service; or it may result in an attacker gaining elevated privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 21460 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21460 title FreeBSD : zlib -- buffer overflow vulnerability (837b9fb2-0595-11da-86bc-000e0c2e438a) NASL family Fedora Local Security Checks NASL id FEDORA_2005-626.NASL description - Fri Jul 22 2005 Ivana Varekova <varekova at redhat.com> 1.2.2.2-5.fc4 - fix bug 163038 - CVE-2005-1849 - zlib buffer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19294 published 2005-07-24 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19294 title Fedora Core 4 : zlib-1.2.2.2-5.fc4 (2005-626) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1026.NASL description Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. A further error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. sash, the stand-alone shell, links statically against zlib, and was thus affected by these problems. last seen 2020-06-01 modified 2020-06-02 plugin id 22568 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22568 title Debian DSA-1026-1 : sash - buffer overflows NASL family Debian Local Security Checks NASL id DEBIAN_DSA-797.NASL description zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package. There was a build error for the sarge i386 proftpd packages released in DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to correct this error. The packages for other architectures are unaffected. last seen 2020-06-01 modified 2020-06-02 plugin id 19567 published 2005-09-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19567 title Debian DSA-797-2 : zsync - denial of service NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-151-3.NASL description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues. The updated packagages have been rebuilt against the fixed zlib. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20551 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20551 title Ubuntu 4.10 / 5.04 / 5.10 : aide vulnerabilities (USN-151-3) NASL family Fedora Local Security Checks NASL id FEDORA_2009-10237.NASL description deltarpm prior to the current build ships with a bundled copy of zlib. This version of zlib has a known vulnerability with CVE identifier: CVE-2005-1849 This build of deltarpm patches the program to use the system zlib (which was fixed when the vulnerability was first discovered) instead of the bundled copy. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42073 published 2009-10-09 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42073 title Fedora 11 : deltarpm-3.4-17.fc11 (2009-10237) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-151-1.NASL description USN-148-1 fixed an improver input verification of zlib (CAN-2005-2096). Markus Oberhumer discovered additional ways a disrupted stream could trigger a buffer overflow and crash the application using zlib, so another update is necessary. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20549 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20549 title Ubuntu 4.10 / 5.04 : zlib vulnerability (USN-151-1) NASL family Databases NASL id MYSQL_4_1_13A_OR_5_0_11.NASL description The version of MySQL installed on the remote host is older than 4.1.13a or 5.0.11 and as such, may have been linked with zlib 1.2.2. On operating systems where the MySQL binaries are statically linked (mainly Windows and HP-UX), a remote attacker could crash the server by triggering a buffer overflow in zlib. last seen 2020-06-01 modified 2020-06-02 plugin id 17828 published 2012-01-18 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17828 title MySQL < 4.1.13a / 5.0.11 Zlib Library Buffer Overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200507-28.NASL description The remote host is affected by the vulnerability described in GLSA-200507-28 (AMD64 x86 emulation base libraries: Buffer overflow) Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use the x86 emulation base libraries for AMD64, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19330 published 2005-07-31 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19330 title GLSA-200507-28 : AMD64 x86 emulation base libraries: Buffer overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-196.NASL description The perl Compress::Zlib module contains an internal copy of the zlib library that was vulnerable to CVE-2005-1849 and CVE-2005-2096. This library was updated with version 1.35 of Compress::Zlib. An updated perl-Compress-Zlib package is now available to provide the fixed module. last seen 2020-06-01 modified 2020-06-02 plugin id 20124 published 2005-11-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20124 title Mandrake Linux Security Advisory : perl-Compress-Zlib (MDKSA-2005:196) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-151-2.NASL description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Most applications use the shared library provided by the last seen 2020-06-01 modified 2020-06-02 plugin id 20550 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20550 title Ubuntu 4.10 / 5.04 : dpkg, ia32-libs, amd64-libs vulnerabilities (USN-151-2) NASL family Fedora Local Security Checks NASL id FEDORA_2009-10233.NASL description deltarpm prior to the current build ships with a bundled copy of zlib. This version of zlib has a known vulnerability with CVE identifier: CVE-2005-1849 This build of deltarpm patches the program to use the system zlib (which was fixed when the vulnerability was first discovered) instead of the bundled copy. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42072 published 2009-10-09 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42072 title Fedora 10 : deltarpm-3.4-11.fc10.1 (2009-10233) NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_043.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:043 (zlib). The previous zlib update for CVE-2005-2096 fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. This update fixes those problems as well. This issue is tracked by the Mitre CVE ID CVE-2005-1849. Since only zlib 1.2.x is affected, older SUSE products are not affected by this problem. last seen 2019-10-28 modified 2005-07-31 plugin id 19333 published 2005-07-31 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19333 title SUSE-SA:2005:043: zlib NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200508-01.NASL description The remote host is affected by the vulnerability described in GLSA-200508-01 (Compress::Zlib: Buffer overflow) Compress::Zlib 1.34 contains a local vulnerable version of zlib, which may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Compress::Zlib, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19361 published 2005-08-01 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19361 title GLSA-200508-01 : Compress::Zlib: Buffer overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0525.NASL description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib was discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 43838 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43838 title RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-584.NASL description Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library that is used by many different programs. A previous zlib update, RHSA-2005:569 (CVE-2005-2096) fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file that would cause a Web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-1849 to this issue. Note that the versions of zlib shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these errata packages that contain a patch from Mark Adler that corrects this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 19284 published 2005-07-22 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19284 title RHEL 4 : zlib (RHSA-2005:584) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-151-4.NASL description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packagages have been rebuilt against the fixed zlib. Please note that lsb-rpm is not officially supported (it is in the last seen 2020-06-01 modified 2020-06-02 plugin id 20552 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20552 title Ubuntu 4.10 / 5.04 / 5.10 : rpm vulnerability (USN-151-4) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-584.NASL description Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library that is used by many different programs. A previous zlib update, RHSA-2005:569 (CVE-2005-2096) fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file that would cause a Web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-1849 to this issue. Note that the versions of zlib shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these errata packages that contain a patch from Mark Adler that corrects this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21948 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21948 title CentOS 4 : zlib (CESA-2005:584) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0629.NASL description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function last seen 2020-06-01 modified 2020-06-02 plugin id 43839 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43839 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-763.NASL description Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. This problem does not affect the old stable distribution (woody). last seen 2020-06-01 modified 2020-06-02 plugin id 19257 published 2005-07-21 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19257 title Debian DSA-763-1 : zlib - remote DoS NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200603-18.NASL description The remote host is affected by the vulnerability described in GLSA-200603-18 (Pngcrush: Buffer overflow) Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib (GLSA 200507-19). Impact : By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21125 published 2006-03-23 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21125 title GLSA-200603-18 : Pngcrush: Buffer overflow NASL family SuSE Local Security Checks NASL id SUSE9_10347.NASL description The previous zlib update for CVE-2005-2096 fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. This security update fixes this problem. This issue is tracked by the Mitre CVE ID CVE-2005-1849. last seen 2020-06-01 modified 2020-06-02 plugin id 41078 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41078 title SuSE9 Security Update : zlib (YOU Patch Number 10347) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-124.NASL description A previous zlib update (MDKSA-2005:112; CVE-2005-2096) fixed an overflow flaw in the zlib program. While that update did indeed fix the reported overflow issue, Markus Oberhumber discovered additional ways that a specially crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user. The updated packages are provided to protect against this flaw. The Corporate Server 2.1 product is not affected by this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 19885 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19885 title Mandrake Linux Security Advisory : zlib (MDKSA-2005:124)
Oval
| accepted | 2013-04-29T04:13:49.717-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:11402 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | ||||||||||||
| version | 25 |
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://www.debian.org/security/2005/dsa-763
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
- http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
- http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
- http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
- http://www.debian.org/security/2005/dsa-797
- http://www.ubuntulinux.org/usn/usn-151-3
- http://www.securityfocus.com/bid/14340
- http://www.osvdb.org/18141
- http://securitytracker.com/id?1014540
- http://secunia.com/advisories/16137
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
- http://secunia.com/advisories/18377
- http://www.redhat.com/support/errata/RHSA-2005-584.html
- http://secunia.com/advisories/17326
- http://secunia.com/advisories/17516
- http://www.debian.org/security/2006/dsa-1026
- http://secunia.com/advisories/19550
- http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
- http://secunia.com/advisories/19334
- http://www.novell.com/linux/security/advisories/2005_43_zlib.html
- http://secunia.com/advisories/19597
- http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
- http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
- http://secunia.com/advisories/24788
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
- http://www.redhat.com/support/errata/RHSA-2008-0629.html
- http://secunia.com/advisories/31492
- http://www.vupen.com/english/advisories/2007/1267
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21456
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402
- http://www.securityfocus.com/archive/1/464745/100/0/threaded