Executive Summary
Summary | |
---|---|
Title | New sash packages fix potential arbitrary code execution |
Informations | |||
---|---|---|---|
Name | DSA-1026 | First vendor Publication | 2006-04-06 |
Vendor | Debian | Last vendor Modification | 2006-04-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. A further error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. sash, the stand-alone shell, links statically against zlib, and was thus affected by these problems. The old stable distribution (woody) isn't affected by these problems. For the stable distribution (sarge) these problems have been fixed in version 3.7-5sarge1. For the unstable distribution (sid) these problems have been fixed in version 3.7-6. We recommend that you upgrade your sash package. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1026 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11402 | |||
Oval ID: | oval:org.mitre.oval:def:11402 | ||
Title: | inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | ||
Description: | inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1849 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11500 | |||
Oval ID: | oval:org.mitre.oval:def:11500 | ||
Title: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Description: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2096 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1262 | |||
Oval ID: | oval:org.mitre.oval:def:1262 | ||
Title: | zlib Compression Remote DoS Vulnerability (B.11.23) | ||
Description: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2096 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | SecureShell |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1542 | |||
Oval ID: | oval:org.mitre.oval:def:1542 | ||
Title: | zlib Compression Remote DoS Vulnerability (B.11.00/B.11.11) | ||
Description: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2096 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | SecureShell |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
ExploitDB Exploits
id | Description |
---|---|
2011-04-01 | IPComp encapsulation pre-auth kernel memory corruption |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-19 | Name : Fedora Core 11 FEDORA-2009-10262 (deltarpm) File : nvt/fcore_2009_10262.nasl |
2009-10-13 | Name : Fedora Core 10 FEDORA-2009-10233 (deltarpm) File : nvt/fcore_2009_10233.nasl |
2009-10-13 | Name : Fedora Core 11 FEDORA-2009-10237 (deltarpm) File : nvt/fcore_2009_10237.nasl |
2009-10-10 | Name : SLES9: Security update for zlib File : nvt/sles9p5021486.nasl |
2009-10-10 | Name : SLES9: Security update for perl-Compress-Zlib File : nvt/sles9p5018309.nasl |
2009-10-10 | Name : SLES9: Security update for zlib File : nvt/sles9p5016451.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-18 (pngcrush) File : nvt/glsa_200603_18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-18 (qt) File : nvt/glsa_200509_18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-01 (Compress-Zlib) File : nvt/glsa_200508_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-28 (emul-linux-x86-baselibs) File : nvt/glsa_200507_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-05 (zlib) File : nvt/glsa_200507_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-19 (zlib) File : nvt/glsa_200507_19.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:18.zlib.asc) File : nvt/freebsdsa_zlib1.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:16.zlib.asc) File : nvt/freebsdsa_zlib.nasl |
2008-09-04 | Name : FreeBSD Ports: zsync File : nvt/freebsd_zsync.nasl |
2008-09-04 | Name : FreeBSD Ports: linux_base-suse File : nvt/freebsd_linux_base-suse.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1026-1 (sash) File : nvt/deb_1026_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 797-2 (zsync) File : nvt/deb_797_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 763-1 (zlib) File : nvt/deb_763_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 740-1 (zlib) File : nvt/deb_740_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-189-01 zlib DoS File : nvt/esoft_slk_ssa_2005_189_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
18141 | zlib inftrees.c Invalid File Overflow Local DoS |
17827 | zlib inftrees.c Crafted Compressed Stream Overflow DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-18 | Name : Arbitrary code could be executed on the remote database server. File : mysql_4_1_13a_or_5_0_10.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database server is vulnerable to a denial of service attack. File : mysql_4_1_13a_or_5_0_11.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO |
2009-10-15 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10262.nasl - Type : ACT_GATHER_INFO |
2009-10-09 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10237.nasl - Type : ACT_GATHER_INFO |
2009-10-09 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10233.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10292.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10347.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : macosx_Safari3_2.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_2.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119209-36 File : solaris8_119209.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1026.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-584.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-569.nasl - Type : ACT_GATHER_INFO |
2006-06-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34567.nasl - Type : ACT_GATHER_INFO |
2006-06-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34566.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_837b9fb2059511da86bc000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_8efe93e2ee6211d983100001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-04-11 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-070.nasl - Type : ACT_GATHER_INFO |
2006-03-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200603-18.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-151-4.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-148-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-151-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-151-2.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-151-3.nasl - Type : ACT_GATHER_INFO |
2005-11-02 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-196.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-124.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing Sun Security Patch number 119212-36 File : solaris9_x86_119212.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing Sun Security Patch number 119211-36 File : solaris9_119211.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-18.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-797.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2005-007.nasl - Type : ACT_GATHER_INFO |
2005-08-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-01.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-28.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_043.nasl - Type : ACT_GATHER_INFO |
2005-07-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-626.nasl - Type : ACT_GATHER_INFO |
2005-07-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-625.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-584.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-19.nasl - Type : ACT_GATHER_INFO |
2005-07-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-763.nasl - Type : ACT_GATHER_INFO |
2005-07-20 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_039.nasl - Type : ACT_GATHER_INFO |
2005-07-14 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-565.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-189-01.nasl - Type : ACT_GATHER_INFO |
2005-07-08 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-112.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-05.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-740.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-569.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:25:38 |
|