zlib code table denial of service

zlib-codetable-dos (21456)

Low Risk

Description:

zlib is vulnerable to a denial of service attack caused by improper size of the code table in the inflate.h. A remote attacker could send a specially-crafted input file to cause the zlib library to crash.

Platforms Affected:

• Apple, Safari 3
• BitDefender, BitDefender Free Edition 10 and prior
• Canonical, Ubuntu 4.10
• Canonical, Ubuntu 5.04
• Canonical, Ubuntu 5.10
• Conectiva, Linux 10
• cURL, cURL 7.17.0
• Debian, Debian Linux 3.1
• Gentoo, Linux
• GNU, zlib 1.0
• GNU, zlib 1.0.1
• GNU, zlib 1.0.2
• GNU, zlib 1.0.3
• GNU, zlib 1.0.4
• GNU, zlib 1.0.5
• GNU, zlib 1.0.6
• GNU, zlib 1.0.7
• GNU, zlib 1.0.8
• GNU, zlib 1.0.9
• GNU, zlib 1.1
• GNU, zlib 1.1.1
• GNU, zlib 1.1.2
• GNU, zlib 1.1.3
• GNU, zlib 1.1.4
• GNU, zlib 1.2.0
• GNU, zlib 1.2.1
• GNU, zlib 1.2.1.3
• GNU, zlib 1.2.2
• Gsview, Gsview 4.8
• MandrakeSoft, Mandrake Linux 10.0 AMD64
• MandrakeSoft, Mandrake Linux 10.0
• MandrakeSoft, Mandrake Linux 10.1 X86_64
• MandrakeSoft, Mandrake Linux 10.1
• MandrakeSoft, Mandrake Linux 2006 X86_64
• MandrakeSoft, Mandrake Linux 2006
• MandrakeSoft, Mandrake Linux LE2005
• MandrakeSoft, Mandrake Linux LE2005 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 2.1
• MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• MandrakeSoft, Mandrake Multi Network Firewall 2.0
• Novell, Linux Desktop 9
• Novell, Open Enterprise 9 Server
• Novell, Open Enterprise Server
• Novell, Open Enterprise Server
• OpenPKG, OpenPKG 2.3
• OpenPKG, OpenPKG 2.4
• OpenPKG, OpenPKG CURRENT
• RedHat, Enterprise Linux 4 AS
• RedHat, Enterprise Linux 4 ES
• RedHat, Enterprise Linux 4 WS
• RedHat, Enterprise Linux 4 Desktop
• RedHat, Network Satellite Server 4.2
• RedHat, Network Satellite Server 5.0
• RedHat, Network Satellite Server 5.1
• SuSE, Linux Enterprise Server 9
• SuSE, SuSE Linux 9.1
• SuSE, SuSE Linux 9.2
• SuSE, SuSE Linux 9.3
• SuSE, SuSE SLES 9
• Turbolinux, Turbolinux 10 Server
• VMware, ESX Server 3.0.0
• VMware, ESX Server 3.0.1

Remedy:

For VMware:
Refer to VMSA-2007-0003 for patch, upgrade or suggested workaround information. See References.

For Debian GNU/Linux 3.1:
Upgrade to the latest version of zlib (1.2.2-4.sarge.2 or later), as listed in DSA-763-1. See References.

For Gentoo Linux:
Upgrade to the latest version of Compress-zlib (1.35 or later), as listed in GLSA 200508-01 and GLSA 2005-07-19. See References.

For Gentoo Linux (Pngcrush):
Refer to Gentoo Linux Security Announcement GLSA 2006-03-18 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (QT):
Refer to Gentoo Linux Security Announcement GLSA 2005-09-18 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (emul-linux-x86-baselibs):
Refer to Gentoo Linux Security Announcement GLSA 2005-07-28 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux:
Upgrade to the latest version of zlib, as listed below. Refer to SUSE Security Announcement SUSE-SA:2005:043. See References.

X86 and x86-64 platforms:
SUSE Linux 9.3: 1.2.2-5.4 or later
SUSE Linux 9.2: 1.2.1-74.4 or later
SUSE Linux 9.1: 1.2.1-70.12 or later

For Debian GNU/Linux 3.1 (sarge):
Upgrade to the latest version of zlib (0.3.3-1.sarge.1 or later), as listed in DSA-797-1. See References.

For Conectiva Linux 10.0:
Upgrade to the latest version of zlib (1.2.1-47972U10_3cl or later), as listed in Conectiva Linux Security Announcement CLSA-2005:997. See References.

For Debian GNU/Linux:
Refer to DSA-1025-1 for patch, upgrade, or suggested workaround information. See References.

For Red Hat Linux:
Refer to RHSA-2005:584-07 for patch, upgrade, or suggested workaround information. See References.

For OpenPKG:
Refer to OpenPKG Security Advisory OpenPKG-SA-2005.014 for patch, upgrade, or suggested workaround information. See References.

For Ubuntu Linux:
Refer to USN-148-1, USN-151-1, USN-151-2, USN-151-3 and USN-151-4 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Denial of Service

References:

• Apple Web site, About the security content of Safari 3.2 at http://support.apple.com/kb/HT3298.
• BugTraq Mailing List, Mon Oct 29 2007 - 16:05:02 CDT, Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) at http://archives.neohapsis.com/archives/bugtraq/2007-10/0420.html.
• BugTraq Mailing List, Thu Oct 18 2007 - 14:05:43 CDT , Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) at http://archives.neohapsis.com/archives/bugtraq/2007-10/0292.html.
• BugTraq Mailing List, Thu Oct 18 2007 - 14:05:51 CDT , Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07) at http://archives.neohapsis.com/archives/bugtraq/2007-10/0293.html.
• BugTraq Mailing List, Thu Oct 18 2007 - 14:05:56 CDT , Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) at http://archives.neohapsis.com/archives/bugtraq/2007-10/0296.html.
• BugTraq Mailing List, Wed Apr 04 2007 - 15:20:26 CDT , VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates at http://archives.neohapsis.com/archives/bugtraq/2007-04/0098.html.
• CIAC Information Bulletin P-276, Apple Security Update 2005-007 at http://www.ciac.org/ciac/bulletins/p-276.shtml.
• Conectiva Linux Security Announcement CLSA-2005:997, Fix for denial of service vulnerabilities - zlib at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000997.
• Free BSD Security Advisory FreeBSD-SA-05:16.zlib, Buffer overflow in zlib at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc.
• FreeBSD Security Advisory FreeBSD-SA-05:18.zlib, Buffer overflow in zlib at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc.
• Full-disclosure Mailing List, Fri Jul 22 2005 - 00:32:52 CDT, zlib: Buffer overflow at http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0511.html.
• HP SUPPORT COMMUNICATION - SECURITY BULLETIN c00589050, HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS) at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00589050.
• zlib Web site, zlib Home Site at http://www.zlib.net/.
• ASA-2006-016: HP-UX Secure Shell Remote Denial of Service (HPSBUX02090)
• BID-14162: Zlib Compression Library Buffer Overflow Vulnerability
• BID-14340: Zlib Compression Library Decompression Buffer Overflow Vulnerability
• BID-26168: GSview Multiple Unspecified Security Vulnerabilities
• CVE-2005-1849: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
• CVE-2005-2096: zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
• DSA-1026: sash -- buffer overflows
• DSA-740: zlib -- remote denial of service
• DSA-763: zlib -- remote DoS
• DSA-797: zsync -- denial of service
• GLSA-200507-05: zlib: Buffer overflow
• GLSA-200507-19: zlib: Buffer overflow
• GLSA-200507-28: AMD64 x86 emulation base libraries: Buffer overflow
• GLSA-200508-01: Compress::Zlib: Buffer overflow
• GLSA-200509-18: Qt: Buffer overflow in the included zlib library
• GLSA-200603-18: Pngcrush: Buffer overflow
• MDKSA-2005:112: Updated zlib packages fix vulnerability
• MDKSA-2005:124: Updated zlib packages fix vulnerability
• MDKSA-2005:196: Updated perl-Compress-Zlib packages fix vulnerabilities
• MDKSA-2006:070: Updated sash packages fix vulnerability
• OpenPKG-SA-2005.013: zlib
• OpenPKG-SA-2005.014: zlib
• RHSA-2005-569: zlib security update
• RHSA-2005-584: zlib security update
• RHSA-2008-0264: Moderate: Red Hat Network Satellite Server Solaris client security update
• RHSA-2008-0525: Moderate: Red Hat Network Satellite Server Solaris client security update
• RHSA-2008-0629: Moderate: Red Hat Network Satellite Server Solaris client security update
• SA15949: zlib "inftrees.c" Buffer Overflow Vulnerability
• SA16137: zlib Denial of Service Vulnerability
• SA17054: CVS zlib Vulnerabilities
• SA17225: Network Security Services (NSS) Library Zlib Vulnerability
• SA17236: Sun Solaris Network Security Services (NSS) Security Tools Zlib Vulnerability
• SA18406: HP-UX Secure Shell Denial of Service Vulnerability
• SA18507: Avaya PDS HP-UX SecureShell Denial of Service Vulnerability
• SA24788: VMware ESX Server Multiple Vulnerabilities
• SECTRACK ID: 1014398: Zlib Buffer Overflow in inflate_table() May Let Remote Users Execute Arbitrary Code
• SECTRACK ID: 1014540: zlib Buffer Overflow in `inftrees.c` Lets Remote Users Deny Service
• SUSE-SA:2005:039: zlib: remote denial of service
• SUSE-SA:2005:043: zlib: denial of service
• SUSE-SR:2005:017: SUSE Security Summary Report

Reported:

Jul 21, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page