Executive Summary
Summary | |
---|---|
Title | zlib security update |
Informations | |||
---|---|---|---|
Name | RHSA-2005:584 | First vendor Publication | 2005-07-21 |
Vendor | RedHat | Last vendor Modification | 2005-07-21 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Zlib is a general-purpose lossless data compression library that is used by many different programs. A previous zlib update, RHSA-2005:569 (CAN-2005-2096) fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. Note that the versions of zlib shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue. All users should update to these errata packages that contain a patch from Mark Adler that corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 163037 - CAN-2005-1849 zlib buffer overflow |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-584.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11402 | |||
Oval ID: | oval:org.mitre.oval:def:11402 | ||
Title: | inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | ||
Description: | inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1849 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11500 | |||
Oval ID: | oval:org.mitre.oval:def:11500 | ||
Title: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Description: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2096 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1262 | |||
Oval ID: | oval:org.mitre.oval:def:1262 | ||
Title: | zlib Compression Remote DoS Vulnerability (B.11.23) | ||
Description: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2096 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | SecureShell |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1542 | |||
Oval ID: | oval:org.mitre.oval:def:1542 | ||
Title: | zlib Compression Remote DoS Vulnerability (B.11.00/B.11.11) | ||
Description: | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2096 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | SecureShell |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
ExploitDB Exploits
id | Description |
---|---|
2011-04-01 | IPComp encapsulation pre-auth kernel memory corruption |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-19 | Name : Fedora Core 11 FEDORA-2009-10262 (deltarpm) File : nvt/fcore_2009_10262.nasl |
2009-10-13 | Name : Fedora Core 10 FEDORA-2009-10233 (deltarpm) File : nvt/fcore_2009_10233.nasl |
2009-10-13 | Name : Fedora Core 11 FEDORA-2009-10237 (deltarpm) File : nvt/fcore_2009_10237.nasl |
2009-10-10 | Name : SLES9: Security update for zlib File : nvt/sles9p5021486.nasl |
2009-10-10 | Name : SLES9: Security update for perl-Compress-Zlib File : nvt/sles9p5018309.nasl |
2009-10-10 | Name : SLES9: Security update for zlib File : nvt/sles9p5016451.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-18 (pngcrush) File : nvt/glsa_200603_18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-18 (qt) File : nvt/glsa_200509_18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-01 (Compress-Zlib) File : nvt/glsa_200508_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-28 (emul-linux-x86-baselibs) File : nvt/glsa_200507_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-05 (zlib) File : nvt/glsa_200507_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-19 (zlib) File : nvt/glsa_200507_19.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:18.zlib.asc) File : nvt/freebsdsa_zlib1.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:16.zlib.asc) File : nvt/freebsdsa_zlib.nasl |
2008-09-04 | Name : FreeBSD Ports: zsync File : nvt/freebsd_zsync.nasl |
2008-09-04 | Name : FreeBSD Ports: linux_base-suse File : nvt/freebsd_linux_base-suse.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1026-1 (sash) File : nvt/deb_1026_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 797-2 (zsync) File : nvt/deb_797_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 763-1 (zlib) File : nvt/deb_763_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 740-1 (zlib) File : nvt/deb_740_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-189-01 zlib DoS File : nvt/esoft_slk_ssa_2005_189_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
18141 | zlib inftrees.c Invalid File Overflow Local DoS |
17827 | zlib inftrees.c Crafted Compressed Stream Overflow DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-18 | Name : Arbitrary code could be executed on the remote database server. File : mysql_4_1_13a_or_5_0_10.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database server is vulnerable to a denial of service attack. File : mysql_4_1_13a_or_5_0_11.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO |
2009-10-15 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10262.nasl - Type : ACT_GATHER_INFO |
2009-10-09 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10237.nasl - Type : ACT_GATHER_INFO |
2009-10-09 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10233.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10292.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10347.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : macosx_Safari3_2.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_2.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119209-36 File : solaris8_119209.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1026.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-584.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-569.nasl - Type : ACT_GATHER_INFO |
2006-06-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34567.nasl - Type : ACT_GATHER_INFO |
2006-06-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34566.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_837b9fb2059511da86bc000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_8efe93e2ee6211d983100001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-04-11 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-070.nasl - Type : ACT_GATHER_INFO |
2006-03-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200603-18.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-151-4.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-148-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-151-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-151-2.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-151-3.nasl - Type : ACT_GATHER_INFO |
2005-11-02 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-196.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-124.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing Sun Security Patch number 119212-36 File : solaris9_x86_119212.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing Sun Security Patch number 119211-36 File : solaris9_119211.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-18.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-797.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2005-007.nasl - Type : ACT_GATHER_INFO |
2005-08-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-01.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-28.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_043.nasl - Type : ACT_GATHER_INFO |
2005-07-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-626.nasl - Type : ACT_GATHER_INFO |
2005-07-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-625.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-584.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-19.nasl - Type : ACT_GATHER_INFO |
2005-07-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-763.nasl - Type : ACT_GATHER_INFO |
2005-07-20 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_039.nasl - Type : ACT_GATHER_INFO |
2005-07-14 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-565.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-189-01.nasl - Type : ACT_GATHER_INFO |
2005-07-08 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-112.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-05.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-740.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-569.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:31 |
|