Executive Summary
Summary | |
---|---|
Title | New zlib packages fix denial of service |
Informations | |||
---|---|---|---|
Name | DSA-740 | First vendor Publication | 2005-07-06 |
Vendor | Debian | Last vendor Modification | 2005-07-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. This problem does not affect the old stable distribution (woody). For the stable distribution (sarge), this problem has been fixed in version 1.2.2-4.sarge.1. For the unstable distribution, this problem has been fixed in version 1.2.2-7. We recommend that you upgrade your clamav package. |
Original Source
Url : http://www.debian.org/security/2005/dsa-740 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11500 | |||
Oval ID: | oval:org.mitre.oval:def:11500 | ||
Title: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Description: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2096 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1262 | |||
Oval ID: | oval:org.mitre.oval:def:1262 | ||
Title: | zlib Compression Remote DoS Vulnerability (B.11.23) | ||
Description: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2096 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | SecureShell |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1542 | |||
Oval ID: | oval:org.mitre.oval:def:1542 | ||
Title: | zlib Compression Remote DoS Vulnerability (B.11.00/B.11.11) | ||
Description: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2096 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | SecureShell |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
ExploitDB Exploits
id | Description |
---|---|
2011-04-01 | IPComp encapsulation pre-auth kernel memory corruption |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for zlib File : nvt/sles9p5016451.nasl |
2009-10-10 | Name : SLES9: Security update for perl-Compress-Zlib File : nvt/sles9p5018309.nasl |
2009-10-10 | Name : SLES9: Security update for zlib File : nvt/sles9p5021486.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-05 (zlib) File : nvt/glsa_200507_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-28 (emul-linux-x86-baselibs) File : nvt/glsa_200507_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-01 (Compress-Zlib) File : nvt/glsa_200508_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-18 (qt) File : nvt/glsa_200509_18.nasl |
2008-09-04 | Name : FreeBSD Ports: zsync File : nvt/freebsd_zsync.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:16.zlib.asc) File : nvt/freebsdsa_zlib.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1026-1 (sash) File : nvt/deb_1026_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 740-1 (zlib) File : nvt/deb_740_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 797-2 (zsync) File : nvt/deb_797_2.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-189-01 zlib DoS File : nvt/esoft_slk_ssa_2005_189_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
17827 | zlib inftrees.c Crafted Compressed Stream Overflow DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-18 | Name : Arbitrary code could be executed on the remote database server. File : mysql_4_1_13a_or_5_0_10.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10347.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10292.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : macosx_Safari3_2.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_2.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119209-36 File : solaris8_119209.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1026.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-569.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-584.nasl - Type : ACT_GATHER_INFO |
2006-06-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34566.nasl - Type : ACT_GATHER_INFO |
2006-06-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34567.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_8efe93e2ee6211d983100001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-04-11 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-070.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-151-4.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-151-3.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-151-2.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-151-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-148-1.nasl - Type : ACT_GATHER_INFO |
2005-11-02 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-196.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-124.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing Sun Security Patch number 119212-36 File : solaris9_x86_119212.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing Sun Security Patch number 119211-36 File : solaris9_119211.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-18.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-797.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2005-007.nasl - Type : ACT_GATHER_INFO |
2005-08-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-01.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-28.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_043.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-584.nasl - Type : ACT_GATHER_INFO |
2005-07-20 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_039.nasl - Type : ACT_GATHER_INFO |
2005-07-14 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-565.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-189-01.nasl - Type : ACT_GATHER_INFO |
2005-07-08 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-112.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-05.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-740.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-569.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:34:05 |
|