zlib code table denial of service
| zlib-codetable-dos (21456) |  Low Risk |
Description:
zlib is vulnerable to a denial of service attack caused by improper size of the code table in the inflate.h. A remote attacker could send a specially-crafted input file to cause the zlib library to crash.
*CVSS:
| Base Score: | 3.5 |
| Access Vector: | Remote |
| Access Complexity: | Low |
| Authentication: | Not Required |
| Confidentiality Impact: | None |
| Integrity Impact: | None |
| Availability Impact: | Partial |
| Temporal Score: | 2.6 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Denial of Service
Remedy:
For VMware:
Refer to VMSA-2007-0003 for patch, upgrade or suggested workaround information. See References.
For Debian GNU/Linux 3.1:
Upgrade to the latest version of zlib (1.2.2-4.sarge.2 or later), as listed in DSA-763-1. See References.
For Gentoo Linux:
Upgrade to the latest version of Compress-zlib (1.35 or later), as listed in GLSA 200508-01 and GLSA 2005-07-19. See References.
For Gentoo Linux (Pngcrush):
Refer to Gentoo Linux Security Announcement GLSA 2006-03-18 for patch, upgrade, or suggested workaround information. See References.
For Gentoo Linux (QT):
Refer to Gentoo Linux Security Announcement GLSA 2005-09-18 for patch, upgrade, or suggested workaround information. See References.
For Gentoo Linux (emul-linux-x86-baselibs):
Refer to Gentoo Linux Security Announcement GLSA 2005-07-28 for patch, upgrade, or suggested workaround information. See References.
For SUSE Linux:
Upgrade to the latest version of zlib, as listed below. Refer to SUSE Security Announcement SUSE-SA:2005:043. See References.
X86 and x86-64 platforms:
SUSE Linux 9.3: 1.2.2-5.4 or later
SUSE Linux 9.2: 1.2.1-74.4 or later
SUSE Linux 9.1: 1.2.1-70.12 or later
For Debian GNU/Linux 3.1 (sarge):
Upgrade to the latest version of zlib (0.3.3-1.sarge.1 or later), as listed in DSA-797-1. See References.
For Conectiva Linux 10.0:
Upgrade to the latest version of zlib (1.2.1-47972U10_3cl or later), as listed in Conectiva Linux Security Announcement CLSA-2005:997. See References.
For Debian GNU/Linux:
Refer to DSA-1025-1 for patch, upgrade, or suggested workaround information. See References.
For Red Hat Linux:
Refer to RHSA-2005:584-07 for patch, upgrade, or suggested workaround information. See References.
For OpenPKG:
Refer to OpenPKG Security Advisory OpenPKG-SA-2005.014 for patch, upgrade, or suggested workaround information. See References.
For Ubuntu Linux:
Refer to USN-148-1, USN-151-1, USN-151-2, USN-151-3 and USN-151-4 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system. See References.
References:
- Apple Web site: About the security content of Safari 3.2 .
- BugTraq Mailing List, Mon Oct 29 2007 - 16:05:02 CDT: Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096).
- BugTraq Mailing List, Thu Oct 18 2007 - 14:05:43 CDT : Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096).
- BugTraq Mailing List, Thu Oct 18 2007 - 14:05:51 CDT : Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07).
- BugTraq Mailing List, Thu Oct 18 2007 - 14:05:56 CDT : Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096).
- BugTraq Mailing List, Wed Apr 04 2007 - 15:20:26 CDT : VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates.
- CIAC Information Bulletin P-276: Apple Security Update 2005-007.
- Conectiva Linux Security Announcement CLSA-2005:997: Fix for denial of service vulnerabilities - zlib.
- Free BSD Security Advisory FreeBSD-SA-05:16.zlib: Buffer overflow in zlib.
- FreeBSD Security Advisory FreeBSD-SA-05:18.zlib: Buffer overflow in zlib.
- Full-disclosure Mailing List, Fri Jul 22 2005 - 00:32:52 CDT: zlib: Buffer overflow.
- HP SUPPORT COMMUNICATION - SECURITY BULLETIN c00589050: HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS).
- zlib Web site: zlib Home Site.
- ASA-2006-016: HP-UX Secure Shell Remote Denial of Service (HPSBUX02090)
- BID-14162: Zlib Compression Library Buffer Overflow Vulnerability
- BID-14340: Zlib Compression Library Decompression Buffer Overflow Vulnerability
- BID-26168: GSview Multiple Unspecified Security Vulnerabilities
- CVE-2005-1849: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
- CVE-2005-2096: zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
- DSA-1026: sash -- buffer overflows
- DSA-740: zlib -- remote denial of service
- DSA-763: zlib -- remote DoS
- DSA-797: zsync -- denial of service
- GLSA-200507-05: zlib: Buffer overflow
- GLSA-200507-19: zlib: Buffer overflow
- GLSA-200507-28: AMD64 x86 emulation base libraries: Buffer overflow
- GLSA-200508-01: Compress::Zlib: Buffer overflow
- GLSA-200509-18: Qt: Buffer overflow in the included zlib library
- GLSA-200603-18: Pngcrush: Buffer overflow
- MDKSA-2005:112: Updated zlib packages fix vulnerability
- MDKSA-2005:124: Updated zlib packages fix vulnerability
- MDKSA-2005:196: Updated perl-Compress-Zlib packages fix vulnerabilities
- MDKSA-2006:070: Updated sash packages fix vulnerability
- OpenPKG-SA-2005.013: zlib
- OpenPKG-SA-2005.014: zlib
- RHSA-2005-569: zlib security update
- RHSA-2005-584: zlib security update
- RHSA-2008-0264: Moderate: Red Hat Network Satellite Server Solaris client security update
- RHSA-2008-0525: Moderate: Red Hat Network Satellite Server Solaris client security update
- RHSA-2008-0629: Moderate: Red Hat Network Satellite Server Solaris client security update
- SA15949: zlib "inftrees.c" Buffer Overflow Vulnerability
- SA16137: zlib Denial of Service Vulnerability
- SA17054: CVS zlib Vulnerabilities
- SA17225: Network Security Services (NSS) Library Zlib Vulnerability
- SA17236: Sun Solaris Network Security Services (NSS) Security Tools Zlib Vulnerability
- SA18406: HP-UX Secure Shell Denial of Service Vulnerability
- SA18507: Avaya PDS HP-UX SecureShell Denial of Service Vulnerability
- SA24788: VMware ESX Server Multiple Vulnerabilities
- SECTRACK ID: 1014398: Zlib Buffer Overflow in inflate_table() May Let Remote Users Execute Arbitrary Code
- SECTRACK ID: 1014540: zlib Buffer Overflow in `inftrees.c` Lets Remote Users Deny Service
- SUSE-SA:2005:039: zlib: remote denial of service
- SUSE-SA:2005:043: zlib: denial of service
- SUSE-SR:2005:017: SUSE Security Summary Report
Platforms Affected:
- Apple Safari 3
- BitDefender BitDefender Free Edition 10 and prior
- Canonical Ubuntu 4.10
- Canonical Ubuntu 5.04
- Canonical Ubuntu 5.10
- Conectiva Linux 10
- cURL cURL 7.17.0
- Debian Debian Linux 3.1
- Gentoo Linux
- GNU zlib 1.0
- GNU zlib 1.0.1
- GNU zlib 1.0.2
- GNU zlib 1.0.3
- GNU zlib 1.0.4
- GNU zlib 1.0.5
- GNU zlib 1.0.6
- GNU zlib 1.0.7
- GNU zlib 1.0.8
- GNU zlib 1.0.9
- GNU zlib 1.1
- GNU zlib 1.1.1
- GNU zlib 1.1.2
- GNU zlib 1.1.3
- GNU zlib 1.1.4
- GNU zlib 1.2.0
- GNU zlib 1.2.1
- GNU zlib 1.2.1.3
- GNU zlib 1.2.2
- Gsview Gsview 4.8
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 10.0 AMD64
- MandrakeSoft Mandrake Linux 10.1
- MandrakeSoft Mandrake Linux 10.1 X86_64
- MandrakeSoft Mandrake Linux 2006 X86_64
- MandrakeSoft Mandrake Linux 2006
- MandrakeSoft Mandrake Linux LE2005
- MandrakeSoft Mandrake Linux LE2005 X86_64
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
- MandrakeSoft Mandrake Linux Corporate Server 3.0 X86_64
- MandrakeSoft Mandrake Linux Corporate Server 3.0
- MandrakeSoft Mandrake Multi Network Firewall 2.0
- Novell Linux Desktop 9
- Novell Open Enterprise 9 Server
- Novell Open Enterprise Server
- Novell Open Enterprise Server
- OpenPKG OpenPKG 2.3
- OpenPKG OpenPKG 2.4
- OpenPKG OpenPKG CURRENT
- RedHat Enterprise Linux 4 AS
- RedHat Enterprise Linux 4 WS
- RedHat Enterprise Linux 4 Desktop
- RedHat Enterprise Linux 4 ES
- RedHat Network Satellite Server 4.2
- RedHat Network Satellite Server 5.0
- RedHat Network Satellite Server 5.1
- SuSE Linux Enterprise Server 9
- SUSE SuSE Linux 9.1
- SUSE SuSE Linux 9.2
- SUSE SuSE Linux 9.3
- SuSE SuSE SLES 9
- Turbolinux Turbolinux 10 Server
- VMware ESX Server 3.0.0
- VMware ESX Server 3.0.1
Reported:
Jul 21, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.