Vulnerabilities > CVE-2005-2096 - Unspecified vulnerability in Zlib 1.2.0/1.2.1/1.2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-18.NASL description The remote host is affected by the vulnerability described in GLSA-200509-18 (Qt: Buffer overflow in the included zlib library) Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Qt, resulting in a Denial of Service or potentially arbitrary code execution. Workaround : Emerge Qt with the zlib USE-flag enabled. last seen 2020-06-01 modified 2020-06-02 plugin id 19817 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19817 title GLSA-200509-18 : Qt: Buffer overflow in the included zlib library code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200509-18. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(19817); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-1849", "CVE-2005-2096"); script_xref(name:"GLSA", value:"200509-18"); script_name(english:"GLSA-200509-18 : Qt: Buffer overflow in the included zlib library"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200509-18 (Qt: Buffer overflow in the included zlib library) Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Qt, resulting in a Denial of Service or potentially arbitrary code execution. Workaround : Emerge Qt with the zlib USE-flag enabled." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200507-05" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200507-19" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200509-18" ); script_set_attribute( attribute:"solution", value: "All Qt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-libs/qt-3.3.4-r8'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:qt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"x11-libs/qt", unaffected:make_list("ge 3.3.4-r8"), vulnerable:make_list("lt 3.3.4-r8"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Qt"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-773.NASL description This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well. last seen 2020-06-01 modified 2020-06-02 plugin id 57528 published 2012-01-12 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57528 title Debian DSA-773-1 : amd64 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-773. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(57528); script_version("1.6"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2005-0392", "CVE-2005-0393", "CVE-2005-0469", "CVE-2005-0753", "CVE-2005-1151", "CVE-2005-1152", "CVE-2005-1174", "CVE-2005-1175", "CVE-2005-1266", "CVE-2005-1269", "CVE-2005-1545", "CVE-2005-1546", "CVE-2005-1686", "CVE-2005-1689", "CVE-2005-1796", "CVE-2005-1848", "CVE-2005-1849", "CVE-2005-1850", "CVE-2005-1851", "CVE-2005-1852", "CVE-2005-1853", "CVE-2005-1858", "CVE-2005-1914", "CVE-2005-1916", "CVE-2005-1922", "CVE-2005-1923", "CVE-2005-1934", "CVE-2005-1992", "CVE-2005-1993", "CVE-2005-2024", "CVE-2005-2040", "CVE-2005-2056", "CVE-2005-2070", "CVE-2005-2096", "CVE-2005-2231", "CVE-2005-2250", "CVE-2005-2277", "CVE-2005-2301", "CVE-2005-2302", "CVE-2005-2370"); script_xref(name:"DSA", value:"773"); script_name(english:"Debian DSA-773-1 : amd64 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-773" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected several package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:several"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/12"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"affix", reference:"2.1.1-2")) flag++; if (deb_check(release:"3.1", prefix:"centericq", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"centericq-common", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"centericq-fribidi", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"centericq-utf8", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"clamav", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"clamav-daemon", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"clamav-freshclam", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"clamav-milter", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"crip", reference:"3.5-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"cvs", reference:"1.11.1p1debian-11")) flag++; if (deb_check(release:"3.1", prefix:"dhcpcd", reference:"1.3.22pl4-21sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ekg", reference:"1.5+20050411-5")) flag++; if (deb_check(release:"3.1", prefix:"ettercap", reference:"0.7.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ettercap-common", reference:"0.7.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ettercap-gtk", reference:"0.7.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"fuse-utils", reference:"2.2.1-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"gaim", reference:"1.2.1-1.4")) flag++; if (deb_check(release:"3.1", prefix:"gaim-dev", reference:"1.2.1-1.4")) flag++; if (deb_check(release:"3.1", prefix:"gedit", reference:"2.8.3-4sarge1")) flag++; if (deb_check(release:"3.1", prefix:"gopher", reference:"3.0.7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heartbeat", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"heartbeat-dev", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-clients", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-clients-x", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-dev", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-kdc", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-servers", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-servers-x", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ht", reference:"0.8.0-2sarge4")) flag++; if (deb_check(release:"3.1", prefix:"krb5-admin-server", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-clients", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-ftpd", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-kdc", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-rsh-server", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-telnetd", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-user", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libaffix-dev", reference:"2.1.1-2")) flag++; if (deb_check(release:"3.1", prefix:"libaffix2", reference:"2.1.1-2")) flag++; if (deb_check(release:"3.1", prefix:"libasn1-6-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libclamav-dev", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"libclamav1", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"libdbm-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libfuse-dev", reference:"2.2.1-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libfuse2", reference:"2.2.1-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libgadu-dev", reference:"1.5+20050411-5")) flag++; if (deb_check(release:"3.1", prefix:"libgadu3", reference:"1.5+20050411-5")) flag++; if (deb_check(release:"3.1", prefix:"libgdbm-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libgssapi1-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libhdb7-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkadm55", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libkadm5clnt4-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkadm5srv7-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkafs0-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkrb5-17-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkrb5-dev", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libkrb53", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libopenssl-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libpils-dev", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libpils0", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libreadline-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libruby1.8-dbg", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libstonith-dev", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libstonith0", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libtcltk-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-geo", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-ldap", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-mysql", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-pgsql", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-pipe", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-sqlite", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-recursor", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-server", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ppxp", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ppxp-dev", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ppxp-tcltk", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ppxp-x11", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"qpopper", reference:"4.0.5-4sarge1")) flag++; if (deb_check(release:"3.1", prefix:"qpopper-drac", reference:"4.0.5-4sarge1")) flag++; if (deb_check(release:"3.1", prefix:"razor", reference:"2.670-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ruby1.8-dev", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"spamc", reference:"3.0.3-2")) flag++; if (deb_check(release:"3.1", prefix:"stonith", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"sudo", reference:"1.6.8p7-1.1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"zlib-bin", reference:"1.2.2-4.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"zlib1g", reference:"1.2.2-4.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"zlib1g-dev", reference:"1.2.2-4.sarge.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-007.NASL description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib last seen 2020-06-01 modified 2020-06-02 plugin id 19463 published 2005-08-18 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19463 title Mac OS X Multiple Vulnerabilities (Security Update 2005-007) code # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if(description) { script_id(19463); script_version ("1.15"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2005-1344", "CVE-2004-0942", "CVE-2004-0885", "CVE-2004-1083", "CVE-2004-1084", "CVE-2005-2501", "CVE-2005-2502", "CVE-2005-2503", "CVE-2005-2504", "CVE-2005-2505", "CVE-2005-2506", "CVE-2005-2525", "CVE-2005-2526", "CVE-2005-2507", "CVE-2005-2508", "CVE-2005-2519", "CVE-2005-2513", "CVE-2004-1189", "CVE-2005-1174", "CVE-2005-1175", "CVE-2005-1689", "CVE-2005-2511", "CVE-2005-2509", "CVE-2005-2512", "CVE-2005-2745", "CVE-2005-0709", "CVE-2005-0710", "CVE-2005-0711", "CVE-2004-0079", "CVE-2004-0112", "CVE-2005-2514", "CVE-2005-2515", "CVE-2005-2516", "CVE-2005-2517", "CVE-2005-2524", "CVE-2005-2520", "CVE-2005-2518", "CVE-2005-2510", "CVE-2005-1769", "CVE-2005-2095", "CVE-2005-2521", "CVE-2005-2522", "CVE-2005-2523", "CVE-2005-0605", "CVE-2005-2096", "CVE-2005-1849"); script_bugtraq_id(14567, 14569); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-007)"); script_summary(english:"Check for Security Update 2005-007"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib" ); # http://web.archive.org/web/20060406190355/http://docs.info.apple.com/article.html?artnum=302163 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?74ffa359" ); script_set_attribute(attribute:"solution", value: "!Install Security Update 2005-007." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/18"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/12"); script_set_attribute(attribute:"patch_publication_date", value: "2005/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } # packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # MacOS X 10.4.2 if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.2\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?2005-007", string:packages)) security_hole(0); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-070.NASL description Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core (CVE-2005-2096). Markus Oberhumber discovered additional ways that a specially crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user (CVE-2005-1849). Both of these issues have previously been fixed in zlib, but sash links statically against zlib and is thus also affected by these issues. New sash packages are available that link against the updated zlib packages. last seen 2020-06-01 modified 2020-06-02 plugin id 21207 published 2006-04-11 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21207 title Mandrake Linux Security Advisory : sash (MDKSA-2006:070) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:070. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(21207); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2005-1849", "CVE-2005-2096"); script_xref(name:"MDKSA", value:"2006:070"); script_name(english:"Mandrake Linux Security Advisory : sash (MDKSA-2006:070)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core (CVE-2005-2096). Markus Oberhumber discovered additional ways that a specially crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user (CVE-2005-1849). Both of these issues have previously been fixed in zlib, but sash links statically against zlib and is thus also affected by these issues. New sash packages are available that link against the updated zlib packages." ); script_set_attribute(attribute:"solution", value:"Update the affected sash package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sash"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.2", reference:"sash-3.7-3.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"sash-3.7-3.1.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_119209.NASL description NSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/11/17 last seen 2020-06-01 modified 2020-06-02 plugin id 23414 published 2006-11-06 reporter This script is Copyright (C) 2006-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23414 title Solaris 8 (sparc) : 119209-36 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(23414); script_version("$Revision: 1.32 $"); script_cvs_date("$Date: 2017/11/13 14:37:17 $"); script_cve_id("CVE-2005-2096", "CVE-2006-4339", "CVE-2006-5201", "CVE-2006-7140"); script_name(english:"Solaris 8 (sparc) : 119209-36"); script_summary(english:"Check for patch 119209-36"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 119209-36" ); script_set_attribute( attribute:"description", value: "NSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/11/17" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119209-36" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2017 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWprd", version:"4.1.6,REV=2003.09.08.10.19") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWjss", version:"3.1.2.3,REV=2003.03.08.12.17") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWtlsux", version:"3.3.10,REV=2004.03.25.01.10") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWtls", version:"3.3.2,REV=2002.09.18.12.49") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWprx", version:"4.1.2,REV=2002.09.03.00.17") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWpr", version:"4.1.2,REV=2002.09.03.00.17") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWtlsu", version:"3.3.7,REV=2003.12.01.12.23") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWtlsd", version:"3.3.6,REV=2003.09.08.10.30") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWtlsx", version:"3.3.2,REV=2002.09.18.12.49") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"119209-36", obsoleted_by:"", package:"SUNWjssx", version:"3.1.2.3,REV=2003.03.08.12.22") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0264.NASL description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43836 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43836 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264) NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI3_2.NASL description The version of Apple Safari installed on the remote Mac OS X host is earlier than 3.2. As such, it is potentially affected by several issues : - A signedness issue in Safari last seen 2020-06-01 modified 2020-06-02 plugin id 34773 published 2008-11-14 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34773 title Mac OS X : Apple Safari < 3.2 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8EFE93E2EE6211D983100001020EED82.NASL description Problem Description An error in the handling of corrupt compressed data streams can result in a buffer being overflowed. Impact By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application. This may cause the application to halt, causing a denial of service; or it may result in the attacker gaining elevated privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 21472 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21472 title FreeBSD : zlib -- buffer overflow vulnerability (8efe93e2-ee62-11d9-8310-0001020eed82) NASL family Fedora Local Security Checks NASL id FEDORA_2005-565.NASL description This update corrects security problem CVE-2005-2096. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19198 published 2005-07-14 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19198 title Fedora Core 4 : rpm-4.4.1-22 (2005-565) NASL family Solaris Local Security Checks NASL id SOLARIS9_119211.NASL description NSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 19842 published 2005-10-05 reporter This script is Copyright (C) 2005-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19842 title Solaris 9 (sparc) : 119211-36 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-740.NASL description An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. This problem does not affect the old stable distribution (woody). last seen 2020-06-01 modified 2020-06-02 plugin id 18632 published 2005-07-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18632 title Debian DSA-740-1 : zlib - remote denial of service NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-569.NASL description Updated Zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library which is used by many different programs. Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2 and above. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file which would cause a web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2096 to this issue. Please note that the versions of Zlib as shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these erratum packages which contain a patch from Mark Adler which corrects this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 18635 published 2005-07-06 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18635 title RHEL 4 : zlib (RHSA-2005:569) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1026.NASL description Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. A further error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. sash, the stand-alone shell, links statically against zlib, and was thus affected by these problems. last seen 2020-06-01 modified 2020-06-02 plugin id 22568 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22568 title Debian DSA-1026-1 : sash - buffer overflows NASL family Debian Local Security Checks NASL id DEBIAN_DSA-797.NASL description zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package. There was a build error for the sarge i386 proftpd packages released in DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to correct this error. The packages for other architectures are unaffected. last seen 2020-06-01 modified 2020-06-02 plugin id 19567 published 2005-09-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19567 title Debian DSA-797-2 : zsync - denial of service NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-151-3.NASL description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues. The updated packagages have been rebuilt against the fixed zlib. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20551 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20551 title Ubuntu 4.10 / 5.04 / 5.10 : aide vulnerabilities (USN-151-3) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-148-1.NASL description Tavis Ormandy discovered that zlib did not properly verify data streams. Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash. Specially crafted input might even have allowed arbitrary code execution. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20543 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20543 title Ubuntu 4.10 / 5.04 : zlib vulnerability (USN-148-1) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_119212.NASL description NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 19844 published 2005-10-05 reporter This script is Copyright (C) 2005-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19844 title Solaris 9 (x86) : 119212-36 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-151-1.NASL description USN-148-1 fixed an improver input verification of zlib (CAN-2005-2096). Markus Oberhumer discovered additional ways a disrupted stream could trigger a buffer overflow and crash the application using zlib, so another update is necessary. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20549 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20549 title Ubuntu 4.10 / 5.04 : zlib vulnerability (USN-151-1) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_34567.NASL description s700_800 11.04 Virtualvault 4.6 OpenSSH update : A potential security vulnerability has been identified with HP-UX running Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 21714 published 2006-06-16 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21714 title HP-UX PHSS_34567 : HP-UX Secure Shell Remote Denial of Service (DoS) (HPSBUX02090 SSRT051058 rev.2) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200507-28.NASL description The remote host is affected by the vulnerability described in GLSA-200507-28 (AMD64 x86 emulation base libraries: Buffer overflow) Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use the x86 emulation base libraries for AMD64, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19330 published 2005-07-31 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19330 title GLSA-200507-28 : AMD64 x86 emulation base libraries: Buffer overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-196.NASL description The perl Compress::Zlib module contains an internal copy of the zlib library that was vulnerable to CVE-2005-1849 and CVE-2005-2096. This library was updated with version 1.35 of Compress::Zlib. An updated perl-Compress-Zlib package is now available to provide the fixed module. last seen 2020-06-01 modified 2020-06-02 plugin id 20124 published 2005-11-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20124 title Mandrake Linux Security Advisory : perl-Compress-Zlib (MDKSA-2005:196) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2005-189-01.NASL description New zlib packages are available for Slackware 10.0, 10.1, and -current to fix a denial of service security issue. zlib 1.1.x is not affected. last seen 2020-06-01 modified 2020-06-02 plugin id 18799 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18799 title Slackware 10.0 / 10.1 / current : zlib DoS (SSA:2005-189-01) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-151-2.NASL description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Most applications use the shared library provided by the last seen 2020-06-01 modified 2020-06-02 plugin id 20550 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20550 title Ubuntu 4.10 / 5.04 : dpkg, ia32-libs, amd64-libs vulnerabilities (USN-151-2) NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_043.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:043 (zlib). The previous zlib update for CVE-2005-2096 fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. This update fixes those problems as well. This issue is tracked by the Mitre CVE ID CVE-2005-1849. Since only zlib 1.2.x is affected, older SUSE products are not affected by this problem. last seen 2019-10-28 modified 2005-07-31 plugin id 19333 published 2005-07-31 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19333 title SUSE-SA:2005:043: zlib NASL family SuSE Local Security Checks NASL id SUSE9_10292.NASL description perl-Compress-Zlib included a copy of zlib which is vulnerable to a denial of service attack tracked by the Mitre CVE CVE-2005-2096. This update removed the use of the internal copy and now uses the external version of zlib. last seen 2020-06-01 modified 2020-06-02 plugin id 41077 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41077 title SuSE9 Security Update : perl-Compress-Zlib (YOU Patch Number 10292) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200508-01.NASL description The remote host is affected by the vulnerability described in GLSA-200508-01 (Compress::Zlib: Buffer overflow) Compress::Zlib 1.34 contains a local vulnerable version of zlib, which may lead to a buffer overflow. Impact : By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Compress::Zlib, resulting in a Denial of Service and potentially arbitrary code execution. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19361 published 2005-08-01 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19361 title GLSA-200508-01 : Compress::Zlib: Buffer overflow NASL family Windows NASL id SAFARI_3_2.NASL description The version of Safari installed on the remote Windows host is earlier than 3.2. Such versions are potentially affected by several issues : - Safari includes a version of zlib that is affected by multiple vulnerabilities. (CVE-2005-2096) - A heap-based buffer overflow issue in the libxslt library could lead to a crash or arbitrary code execution. (CVE-2008-1767) - A signedness issue in Safari last seen 2020-06-01 modified 2020-06-02 plugin id 34772 published 2008-11-14 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34772 title Safari < 3.2 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0525.NASL description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib was discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 43838 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43838 title RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525) NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_039.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:039 (zlib). A denial of service condition was fixed in the zlib library. Any program using zlib to decompress data can be crashed by a specially handcrafted invalid data stream. This includes web browsers or email programs able to view PNG images (which are compressed by zlib), allowing remote attackers to crash browser sessions or potentially anti virus programs using this vulnerability. This issue is tracked by the Mitre CVE ID CVE-2005-2096. Since only zlib 1.2.x is affected, older SUSE products are not affected by this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 19248 published 2005-07-20 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19248 title SUSE-SA:2005:039: zlib NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-584.NASL description Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library that is used by many different programs. A previous zlib update, RHSA-2005:569 (CVE-2005-2096) fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file that would cause a Web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-1849 to this issue. Note that the versions of zlib shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these errata packages that contain a patch from Mark Adler that corrects this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 19284 published 2005-07-22 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19284 title RHEL 4 : zlib (RHSA-2005:584) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-151-4.NASL description USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packagages have been rebuilt against the fixed zlib. Please note that lsb-rpm is not officially supported (it is in the last seen 2020-06-01 modified 2020-06-02 plugin id 20552 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20552 title Ubuntu 4.10 / 5.04 / 5.10 : rpm vulnerability (USN-151-4) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-569.NASL description Updated Zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library which is used by many different programs. Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2 and above. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file which would cause a web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2096 to this issue. Please note that the versions of Zlib as shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these erratum packages which contain a patch from Mark Adler which corrects this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21947 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21947 title CentOS 4 : zlib (CESA-2005:569) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-584.NASL description Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library that is used by many different programs. A previous zlib update, RHSA-2005:569 (CVE-2005-2096) fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file that would cause a Web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-1849 to this issue. Note that the versions of zlib shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these errata packages that contain a patch from Mark Adler that corrects this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21948 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21948 title CentOS 4 : zlib (CESA-2005:584) NASL family Databases NASL id MYSQL_4_1_13A_OR_5_0_10.NASL description The version of MySQL installed on the remote host is older than 4.1.13a or 5.0.10 and as such, may have been linked with zlib 1.2.2. On operating systems where the MySQL binaries are statically linked (mainly Windows and HP-UX), a remote attacker could crash the server or execute arbitrary code by triggering a buffer overflow in zlib. last seen 2020-06-01 modified 2020-06-02 plugin id 17827 published 2012-01-18 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17827 title MySQL < 4.1.13a / 5.0.10 Zlib Library Buffer Overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0629.NASL description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function last seen 2020-06-01 modified 2020-06-02 plugin id 43839 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43839 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629) NASL family SuSE Local Security Checks NASL id SUSE9_10347.NASL description The previous zlib update for CVE-2005-2096 fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. This security update fixes this problem. This issue is tracked by the Mitre CVE ID CVE-2005-1849. last seen 2020-06-01 modified 2020-06-02 plugin id 41078 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41078 title SuSE9 Security Update : zlib (YOU Patch Number 10347) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_34566.NASL description s700_800 11.04 Virtualvault 4.7 OpenSSH update : A potential security vulnerability has been identified with HP-UX running Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 21713 published 2006-06-16 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21713 title HP-UX PHSS_34566 : HP-UX Secure Shell Remote Denial of Service (DoS) (HPSBUX02090 SSRT051058 rev.2) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-124.NASL description A previous zlib update (MDKSA-2005:112; CVE-2005-2096) fixed an overflow flaw in the zlib program. While that update did indeed fix the reported overflow issue, Markus Oberhumber discovered additional ways that a specially crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user. The updated packages are provided to protect against this flaw. The Corporate Server 2.1 product is not affected by this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 19885 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19885 title Mandrake Linux Security Advisory : zlib (MDKSA-2005:124) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200507-05.NASL description The remote host is affected by the vulnerability described in GLSA-200507-05 (zlib: Buffer overflow) Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed deflate data stream to overrun a buffer. Impact : An attacker could construct a malformed data stream, embedding it within network communication or an application file format, potentially resulting in the execution of arbitrary code when decoded by the application using the zlib library. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 18634 published 2005-07-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18634 title GLSA-200507-05 : zlib: Buffer overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-112.NASL description Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core. The updated packages have been patched to correct this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 18649 published 2005-07-08 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18649 title Mandrake Linux Security Advisory : zlib (MDKSA-2005:112)
Oval
accepted 2013-04-29T04:14:27.080-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. family unix id oval:org.mitre.oval:def:11500 status accepted submitted 2010-07-09T03:56:16-04:00 title zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. version 25 accepted 2006-02-22T08:27:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. family unix id oval:org.mitre.oval:def:1262 status accepted submitted 2006-01-11T12:55:00.000-04:00 title zlib Compression Remote DoS Vulnerability (B.11.23) version 35 accepted 2006-02-22T08:27:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. family unix id oval:org.mitre.oval:def:1542 status accepted submitted 2006-01-11T12:55:00.000-04:00 title zlib Compression Remote DoS Vulnerability (B.11.00/B.11.11) version 36
Redhat
| advisories |
| ||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:71557 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-71557 |
| title | IPComp encapsulation pre-auth kernel memory corruption |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://www.debian.org/security/2005/dsa-740
- http://www.redhat.com/support/errata/RHSA-2005-569.html
- http://security.gentoo.org/glsa/glsa-200507-05.xml
- http://www.securityfocus.com/bid/14162
- http://securitytracker.com/id?1014398
- http://secunia.com/advisories/15949
- http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
- http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
- http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
- http://www.debian.org/security/2005/dsa-797
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1
- http://www.kb.cert.org/vuls/id/680620
- http://www.ubuntulinux.org/usn/usn-151-3
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
- http://secunia.com/advisories/18406
- http://secunia.com/advisories/18377
- http://secunia.com/advisories/17054
- http://secunia.com/advisories/17225
- http://secunia.com/advisories/17236
- http://secunia.com/advisories/17326
- http://secunia.com/advisories/17516
- http://secunia.com/advisories/19550
- http://www.debian.org/security/2006/dsa-1026
- http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
- http://secunia.com/advisories/18507
- http://secunia.com/advisories/19597
- http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
- http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
- http://secunia.com/advisories/24788
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:112
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
- http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
- http://support.apple.com/kb/HT3298
- http://www.redhat.com/support/errata/RHSA-2008-0629.html
- http://secunia.com/advisories/31492
- http://www.vupen.com/english/advisories/2007/1267
- http://www.vupen.com/english/advisories/2006/0144
- http://www.vupen.com/english/advisories/2005/0978
- http://secunia.com/advisories/32706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24064
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500
- https://usn.ubuntu.com/148-1/
- http://www.securityfocus.com/archive/1/482950/100/0/threaded
- http://www.securityfocus.com/archive/1/482949/100/0/threaded
- http://www.securityfocus.com/archive/1/482601/100/0/threaded
- http://www.securityfocus.com/archive/1/482571/100/0/threaded
- http://www.securityfocus.com/archive/1/482505/100/0/threaded
- http://www.securityfocus.com/archive/1/482503/100/0/threaded
- http://www.securityfocus.com/archive/1/464745/100/0/threaded
- http://www.securityfocus.com/archive/1/421411/100/0/threaded