CVE-2002-0059
CVSS 7.5
Published: 2002-03-15 00:00:00
Last revised: 2008-09-10 15:11:10

[Original] The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.


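[CNNVD] Zlib compression library heap corruption vulnerability (CNNVD-200203-028)

        The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"). Local and remote attackers can execute arbitrary code via a block of malformed compressed data.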

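- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]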

- CPE (affected platforms and products)

cpe:/a:gnu:zlib:1.1.2  GNU zlib 1.1.2
cpe:/a:gnu:zlib:1.0.9  GNU zlib 1.0.9
cpe:/a:gnu:zlib:1.1.3  GNU zlib 1.1.3
cpe:/a:gnu:zlib:1.0.1  GNU zlib 1.0.1
cpe:/a:gnu:zlib:1.0.7  GNU zlib 1.0.7
cpe:/a:gnu:zlib:1.0.3  GNU zlib 1.0.3
cpe:/a:gnu:zlib:1.0.6  GNU zlib 1.0.6
cpe:/a:gnu:zlib:1.1  GNU zlib 1.1
cpe:/a:gnu:zlib:1.0.4  GNU zlib 1.0.4
cpe:/a:gnu:zlib:1.0  GNU zlib 1.0
cpe:/a:gnu:zlib:1.0.5  GNU zlib 1.0.5
cpe:/a:gnu:zlib:1.0.8  GNU zlib 1.0.8
cpe:/a:gnu:zlib:1.0.2  GNU zlib 1.0.2
cpe:/a:gnu:zlib:1.1.1  GNU zlib 1.1.1

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0059
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0059
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-028
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/368819
(UNKNOWN)  CERT-VN  VU#368819
http://www.cert.org/advisories/CA-2002-07.html
(UNKNOWN)  CERT  CA-2002-07
http://www.redhat.com/support/errata/RHSA-2002-027.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:027
http://www.redhat.com/support/errata/RHSA-2002-026.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:026
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2002:023
http://xforce.iss.net/xforce/xfdb/8427
(UNKNOWN)  XF  zlib-doublefree-memory-corruption(8427)
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
(UNKNOWN)  HP  HPSBTL0204-037
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
(UNKNOWN)  HP  HPSBTL0204-036
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
(UNKNOWN)  HP  HPSBTL0204-030
http://www.securityfocus.com/bid/4267
(UNKNOWN)  BID  4267
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
(UNKNOWN)  MANDRAKE  MDKSA-2002:024
http://www.debian.org/security/2002/dsa-122
(UNKNOWN)  DEBIAN  DSA-122
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
(UNKNOWN)  CALDERA  CSSA-2002-014.1
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
(UNKNOWN)  MANDRAKE  MDKSA-2002:022
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
(UNKNOWN)  CONECTIVA  CLA-2002:469
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
(UNKNOWN)  CALDERA  CSSA-2002-015.1

- Vulnerability information

Zlib compression library heap corruption vulnerability
High risk  Design error
2002-03-15 00:00:00 2005-10-12 00:00:00
Remote / Local
        The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"). Local and remote attackers can execute arbitrary code via a block of malformed compressed data.

- Advisories and patches

        Various fixes for 'zlib' packages have been released as well as upgrades for utilities that are statically linked to the library (or that include borrowed code). Please see the references for more information.

        zlib zlib 1.0
        zlib zlib 1.0.2
        zlib zlib 1.0.3
        zlib zlib 1.0.4
        zlib zlib 1.0.5
        zlib zlib 1.0.7
        zlib zlib 1.1
        zlib zlib 1.1.2
        GNOME Gnome 2.0
        Sun SunOS 5.8
        Real Networks Real Server 6.0 x
        SGI IRIX 6.5.1
        SGI IRIX 6.5.11
        SGI IRIX 6.5.13 m
        SGI IRIX 6.5.13 f
        SGI IRIX 6.5.14 f
        SGI IRIX 6.5.14 m
        SGI IRIX 6.5.15 m
        SGI IRIX 6.5.16 f
        SGI IRIX 6.5.16 m
        SGI IRIX 6.5.17 m
        SGI IRIX 6.5.2
        SGI IRIX 6.5.3
        SGI IRIX 6.5.4
        SGI IRIX 6.5.5
        SGI IRIX 6.5.6

Products

Ethereal

Ethereal

Unknown or Unspecified

Tony Hoyle

CVSNT

Unknown or Unspecified

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

ZLib Compression Library Heap Corruption Vulnerability
Design Error 4267
Yes Yes
2002-03-11 12:00:00 2007-10-24 04:37:00
Credited to Mark J Cox <mjc@redhat.com>, Matthias Clasen <maclas@gmx.de>, Owen Taylor <otaylor@redhat.com>.

- Affected program versions

zlib zlib 1.1.3
zlib zlib 1.1.2
zlib zlib 1.1.1
zlib zlib 1.1
zlib zlib 1.0.9
zlib zlib 1.0.8
zlib zlib 1.0.7
zlib zlib 1.0.6
zlib zlib 1.0.5
zlib zlib 1.0.4
- XFree86 X11R6 3.3.6
- XFree86 X11R6 3.3.5
- XFree86 X11R6 3.3.4
- XFree86 X11R6 3.3.3
- XFree86 X11R6 3.3.2
- XFree86 X11R6 3.3
zlib zlib 1.0.3
zlib zlib 1.0.2
zlib zlib 1.0.1
zlib zlib 1.0
Sun SunOS 5.8 _x86
Sun SunOS 5.8
Sun SDK (Windows Production Release) 1.4
Sun SDK (Windows Production Release) 1.3.1 _03
Sun SDK (Windows Production Release) 1.3 .0_05
Sun SDK (Windows Production Release) 1.2.2 _011
Sun SDK (Solaris Reference Release) 1.2.2 _011
Sun SDK (Solaris Production Release) 1.4
Sun SDK (Solaris Production Release) 1.3.1 _03
Sun SDK (Solaris Production Release) 1.3 _05
Sun SDK (Solaris Production Release) 1.2.2 _011
Sun SDK (Linux Production Release) 1.4
Sun SDK (Linux Production Release) 1.3.1 _03
Sun SDK (Linux Production Release) 1.3 _05
Sun SDK (Linux Production Release) 1.2.2 _011
Sun OpenWindows 3.6.2
Sun OpenWindows 3.6.1
Sun JRE (Windows Production Release) 1.4
Sun JRE (Windows Production Release) 1.3.1 _03
+ Macromedia ColdFusion Server MX Professional
+ Macromedia ColdFusion Server MX Enterprise
+ Macromedia ColdFusion Server MX Developer
Sun JRE (Windows Production Release) 1.3 .0_05
Sun JRE (Windows Production Release) 1.2.2 _011
Sun JRE (Windows Production Release) 1.1.8 _009
Sun JRE (Solaris Reference Release) 1.2.2 _011
Sun JRE (Solaris Reference Release) 1.1.8 _099
Sun JRE (Solaris Production Release) 1.4
Sun JRE (Solaris Production Release) 1.3.1 _03
+ Macromedia ColdFusion Server MX Professional
+ Macromedia ColdFusion Server MX Enterprise
+ Macromedia ColdFusion Server MX Developer
Sun JRE (Solaris Production Release) 1.3 .0_05
Sun JRE (Solaris Production Release) 1.2.2 _011
Sun JRE (Solaris Production Release) 1.1.8 _009
Sun JRE (Linux Production Release) 1.4
Sun JRE (Linux Production Release) 1.3.1 _03
Sun JRE (Linux Production Release) 1.3 .0_05
Sun JRE (Linux Production Release) 1.2.2 _011
Sun JDK (Windows Production Release) 1.1.8 _009
Sun JDK (Solaris Reference Release) 1.1.8 _099
Sun JDK (Solaris Production Release) 1.1.8 _009
Sun JDK (Linux Production Release) 1.1.8 _09
Softwin BitDefender 8.0
Softwin BitDefender 7.2
Softwin BitDefender 10.0
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.16 m
SGI IRIX 6.5.16 f
SGI IRIX 6.5.15 m
SGI IRIX 6.5.15 f
SGI IRIX 6.5.14 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.13 m
SGI IRIX 6.5.13 f
SGI IRIX 6.5.12
SGI IRIX 6.5.11
SGI IRIX 6.5.10
SGI IRIX 6.5.9
SGI IRIX 6.5.8
SGI IRIX 6.5.7
SGI IRIX 6.5.6
SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5
Rit Research Labs The Bat! 2.0 3 Beta
Rit Research Labs The Bat! 2.0 1
Rit Research Labs The Bat! 2.0
Rit Research Labs The Bat! 1.101
Rit Research Labs The Bat! 1.53 d
Rit Research Labs The Bat! 1.52
Rit Research Labs The Bat! 1.51
Rit Research Labs The Bat! 1.49
Rit Research Labs The Bat! 1.48
Rit Research Labs The Bat! 1.47
Rit Research Labs The Bat! 1.46
Rit Research Labs The Bat! 1.45
Rit Research Labs The Bat! 1.44
Rit Research Labs The Bat! 1.43
Rit Research Labs The Bat! 1.42 f
Rit Research Labs The Bat! 1.42
Rit Research Labs The Bat! 1.41
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Rit Research Labs The Bat! 1.39
Rit Research Labs The Bat! 1.36
Rit Research Labs The Bat! 1.35
Rit Research Labs The Bat! 1.34
Rit Research Labs The Bat! 1.33
Rit Research Labs The Bat! 1.32
Rit Research Labs The Bat! 1.31
Rit Research Labs The Bat! 1.22
Rit Research Labs The Bat! 1.21
Rit Research Labs The Bat! 1.19
Rit Research Labs The Bat! 1.18
Rit Research Labs The Bat! 1.17
Rit Research Labs The Bat! 1.15
Rit Research Labs The Bat! 1.14
Rit Research Labs The Bat! 1.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Rit Research Labs The Bat! 1.1
Rit Research Labs The Bat! 1.0 43
Rit Research Labs The Bat! 1.0 41
Rit Research Labs The Bat! 1.0 39
Rit Research Labs The Bat! 1.0 37
Rit Research Labs The Bat! 1.0 36
Rit Research Labs The Bat! 1.0 35
Rit Research Labs The Bat! 1.0 32
Rit Research Labs The Bat! 1.0 31
Rit Research Labs The Bat! 1.0 29
Rit Research Labs The Bat! 1.0 28
Rit Research Labs The Bat! 1.0 15
Rit Research Labs The Bat! 1.0 11
Rit Research Labs The Bat! 1.0 build 1349
Rit Research Labs The Bat! 1.0 build 1336
Real Networks RealSystem Proxy 8.0
Real Networks Real Server 8.0
Real Networks Real Server 7.0.2
Real Networks Real Server 7.0.1
Real Networks Real Server 7.0
Real Networks Real Server 6.0 x
Real Networks Helix Universal Server 9.0
Real Networks Helix Universal Proxy 9.0
Real Networks Helix Universal Gateway 9.0
Macromedia Flash 6.0.47 .0
Macromedia Flash 6.0
+ Microsoft Internet Explorer 5.0.1 SP2
+ Microsoft Internet Explorer 5.0.1 SP2
+ Microsoft Internet Explorer 5.0.1 SP1
+ Microsoft Internet Explorer 5.0.1 SP1
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 6.0
+ Microsoft Internet Explorer 6.0
+ Microsoft Internet Explorer 5.5 SP2
+ Microsoft Internet Explorer 5.5 SP2
+ Microsoft Internet Explorer 5.5 SP1
+ Microsoft Internet Explorer 5.5 SP1
+ Microsoft Internet Explorer 5.5 preview
+ Microsoft Internet Explorer 5.5 preview
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.0
+ Microsoft Internet Explorer 5.0
+ Microsoft Windows XP Embedded SP3
+ Microsoft Windows XP Embedded SP2
+ Microsoft Windows XP Home SP3
+ Microsoft Windows XP Home SP2
+ Microsoft Windows XP Media Center Edition SP3
+ Microsoft Windows XP Media Center Edition SP2
+ Microsoft Windows XP Professional SP3
+ Microsoft Windows XP Professional SP2
+ Microsoft Windows XP Professional x64 Edition SP2
+ Microsoft Windows XP Tablet PC Edition SP3
+ Microsoft Windows XP Tablet PC Edition SP2
+ Netscape Communicator 6.1
+ Netscape Communicator 6.1
+ Netscape Communicator 4.78
+ Netscape Communicator 4.78
+ Netscape Communicator 4.77
+ Netscape Communicator 4.77
+ Netscape Communicator 4.76
+ Netscape Communicator 4.76
+ Netscape Communicator 4.75
+ Netscape Communicator 4.75
+ Netscape Communicator 4.74
+ Netscape Communicator 4.74
+ Netscape Communicator 4.73
+ Netscape Communicator 4.73
+ Netscape Communicator 4.72
+ Netscape Communicator 4.72
+ Netscape Communicator 4.61
+ Netscape Communicator 4.61
+ Netscape Communicator 4.51
+ Netscape Communicator 4.51
+ Netscape Communicator 4.7
+ Netscape Communicator 4.7
+ Netscape Communicator 4.6
+ Netscape Communicator 4.6
+ RedHat netscape-common-4.76-11.i386.rpm
+ RedHat netscape-common-4.78-2.i386.rpm
+ RedHat netscape-common-4.79-1.i386.rpm
+ RedHat netscape-communicator-4.76-11.i386.rpm
+ RedHat netscape-communicator-4.78-2.i386.rpm
+ RedHat netscape-communicator-4.79-1.i386.rpm
+ RedHat netscape-navigator-4.76-11.i386.rpm
+ RedHat netscape-navigator-4.78-2.i386.rpm
+ RedHat netscape-navigator-4.79-1.i386.rpm
Macromedia Flash 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
HP Secure OS software for Linux 1.0
GNOME Gnome 2.0
Compaq Tru64 5.1 a PK3 (BL3)
Compaq Tru64 5.1 a
Compaq Tru64 5.1
Cisco Metro 1500 DWDM
Cisco ME1100
Cisco IDS-4230-xx
Cisco IDS-4220-E
Cisco IDS-4210
Cisco Hosting Solution Engine 1.3
Cisco Hosting Solution Engine 1.0
Cisco Content Router 4430
Cisco Content Engine 7320
Cisco Content Engine 590
Cisco Content Engine 560
Cisco Content Engine 507
Cisco Content Distribution Manager 4650
Cisco Content Distribution Manager 4630
Cisco Catalyst 6000 IDS Module

- Unaffected program versions

zlib zlib 1.1.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ GLT GLT 0.6
+ NetBSD NetBSD 1.6
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
- NullSoft Winamp 2.79
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ Sun Cobalt Qube 3
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ XTR
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
+ Sun Linux 5.0
Sun Java 2 Standard Edition SDK 1.4.1
SGI IRIX 6.5.18
Macromedia Flash 6.0
+ Microsoft Internet Explorer 5.0.1 SP2
+ Microsoft Internet Explorer 5.0.1 SP2
+ Microsoft Internet Explorer 5.0.1 SP1
+ Microsoft Internet Explorer 5.0.1 SP1
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 6.0
+ Microsoft Internet Explorer 6.0
+ Microsoft Internet Explorer 5.5 SP2
+ Microsoft Internet Explorer 5.5 SP2
+ Microsoft Internet Explorer 5.5 SP1
+ Microsoft Internet Explorer 5.5 SP1
+ Microsoft Internet Explorer 5.5 preview
+ Microsoft Internet Explorer 5.5 preview
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.0
+ Microsoft Internet Explorer 5.0
+ Microsoft Windows XP Embedded SP3
+ Microsoft Windows XP Embedded SP2
+ Microsoft Windows XP Home SP3
+ Microsoft Windows XP Home SP2
+ Microsoft Windows XP Media Center Edition SP3
+ Microsoft Windows XP Media Center Edition SP2
+ Microsoft Windows XP Professional SP3
+ Microsoft Windows XP Professional SP2
+ Microsoft Windows XP Professional x64 Edition SP2
+ Microsoft Windows XP Tablet PC Edition SP3
+ Microsoft Windows XP Tablet PC Edition SP2
+ Netscape Communicator 6.1
+ Netscape Communicator 6.1
+ Netscape Communicator 4.78
+ Netscape Communicator 4.78
+ Netscape Communicator 4.77
+ Netscape Communicator 4.77
+ Netscape Communicator 4.76
+ Netscape Communicator 4.76
+ Netscape Communicator 4.75
+ Netscape Communicator 4.75
+ Netscape Communicator 4.74
+ Netscape Communicator 4.74
+ Netscape Communicator 4.73
+ Netscape Communicator 4.73
+ Netscape Communicator 4.72
+ Netscape Communicator 4.72
+ Netscape Communicator 4.61
+ Netscape Communicator 4.61
+ Netscape Communicator 4.51
+ Netscape Communicator 4.51
+ Netscape Communicator 4.7
+ Netscape Communicator 4.7
+ Netscape Communicator 4.6
+ Netscape Communicator 4.6
+ RedHat netscape-common-4.76-11.i386.rpm
+ RedHat netscape-common-4.78-2.i386.rpm
+ RedHat netscape-common-4.79-1.i386.rpm
+ RedHat netscape-communicator-4.76-11.i386.rpm
+ RedHat netscape-communicator-4.78-2.i386.rpm
+ RedHat netscape-communicator-4.79-1.i386.rpm
+ RedHat netscape-navigator-4.76-11.i386.rpm
+ RedHat netscape-navigator-4.78-2.i386.rpm
+ RedHat netscape-navigator-4.79-1.i386.rpm
Compaq Tru64 5.0 a
Compaq Tru64 5.0
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f

- Vulnerability discussion

The 'zlib' compression library is prone to a heap-corruption vulnerability.

Under some circumstances, a block of dynamically allocated memory may have the 'free()' routine called on it twice. This may occur during decompression.

An exploitable condition may result if the 'free()' function is used on memory that has already been freed. Under some circumstances, an attacker may be able to manipulate data layout in the heap so that an arbitrary word in memory is overwritten with a custom value when 'free()' is called for the second time.

Arbitrary code may run if critical values such as function return addresses, GOT entries, etc., are overwritten.

By itself, this condition is not a vulnerability. An attacker must identify a program that is linked to the library or that uses vulnerable code with higher privileges (e.g. installed setuid) or runs on a remote machine. The attacker must also locate a method through which the condition may be triggered (for example, by supplying compressed data as input).

Several programs use 'zlib' or vulnerable code borrowed from the library, including:

SSH / OpenSSH
rsync
OpenPKG
popt / rpm
the Linux Kernel

Note that a similar vulnerability was reported in LBNL Traceroute. It was generally believed that this condition was not exploitable until proof-of-concept exploits were posted by two independent security researchers.

The FreeS/WAN IPSEC implementation reportedly also includes code from the vulnerable library. However, there are indications that this may not be exploitable in FreeS/WAN IPSEC implementations.

F-Secure SSH is not affected by this vulnerability. Apple Mac OS X is not prone to this issue.

A number of Microsoft Windows applications incorporate code from the zlib library, including Microsoft Office, Internet Explorer, DirectX, Messenger, and Front Page. It is not currently known whether these applications are affected by this issue. If they are affected, the degree of vulnerability has not been determined.

Various VNC viewer implementations may circumstantially be affected by this issue. In particular, a VNC server may be able to exploit this issue to cause a denial of service to a VNC viewer/client. TightVNC and VNCThing are known to use vulnerable versions of the compression library. VNCThing runs on MacOS operating systems and is therefore not exploitable. TridiaVNC, VNC Viewer for Java, and VNC Viewer and Server for Apple Newton are also reportedly affected.

A number of Cisco products include code from the vulnerable compression library and are thus affected by this issue. These products include:

- Cisco Content Engine 507, 560, 590, and 7320 running Cache Software 3.1.1 or Application and Content Networking Software 4.0.x or 4.1.1.

- Cisco Content Router 4430 and Content Distribution Manager 4630 and 4650 running Application and Content Networking Software 4.0.x or 4.1.1.

- Cisco ME1100.

- Cisco IDS sensor appliances IDS-4210, IDS-4220-E and IDS-4230-xx are vulnerable if the sensor version is in the range 3.0(1) through 3.0(5).

- Cisco Metro 1500 DWDM running software releases prior to 3.3b.

- Cisco Hosting Solution Engine releases 1.0 and 1.3.

Versions prior to Nullsoft Winamp 2.79 also ship with the vulnerable compression library.

While this condition may not lead to code execution on FreeBSD operating systems, it may potentially cause a denial of service in applications that use the zlib compression library.

Macromedia Flash 5 is vulnerable to this issue. It is not yet known whether earlier versions are also affected.

- Exploit

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Various fixes for 'zlib' packages have been released as well as upgrades for utilities that are statically linked to the library (or that include borrowed code). Please see the references for more information.


zlib zlib 1.0

zlib zlib 1.0.2

zlib zlib 1.0.3

zlib zlib 1.0.4

zlib zlib 1.0.5

zlib zlib 1.0.7

zlib zlib 1.1

zlib zlib 1.1.2

GNOME Gnome 2.0

Sun SunOS 5.8

Real Networks Real Server 6.0 x

SGI IRIX 6.5.1

SGI IRIX 6.5.11

SGI IRIX 6.5.13 m

SGI IRIX 6.5.13 f

SGI IRIX 6.5.14 f

SGI IRIX 6.5.14 m

SGI IRIX 6.5.15 m

SGI IRIX 6.5.16 f

SGI IRIX 6.5.16 m

SGI IRIX 6.5.17 m

SGI IRIX 6.5.2

SGI IRIX 6.5.3

SGI IRIX 6.5.4

SGI IRIX 6.5.5

SGI IRIX 6.5.6

SGI IRIX 6.5.7

SGI IRIX 6.5.8

SGI IRIX 6.5.9

Real Networks Real Server 7.0

Real Networks Real Server 7.0.1

Real Networks Real Server 7.0.2

Real Networks RealSystem Proxy 8.0
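
The solution text above singles out utilities that are statically linked to zlib or that include borrowed code, which a 'zlib' package upgrade alone does not fix. The following is an added example, not part of the original advisory: it scans a binary for the version strings that zlib's source embeds and flags copies at 1.1.3 or earlier. Function names are illustrative and the sample byte strings are constructed.

```python
import re
import sys

# zlib's source embeds strings such as
#   " inflate 1.1.3 Copyright 1995-1998 Mark Adler "        (inftrees.c)
#   " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly "  (deflate.c)
# and they survive static linking, so they identify a bundled copy.
ZLIB_MARKER = re.compile(rb"(inflate|deflate) (\d+(?:\.\d+){1,3})[\w.\-]* Copyright")

# Per the advisory: zlib 1.1.3 and earlier are affected, 1.1.4 is not.
LAST_AFFECTED = (1, 1, 3)


def parse_version(text):
    """Turn '1.1' or '1.0.9' into a comparable 3-part tuple, padding with zeros."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def find_embedded_zlib(blob):
    """Return a sorted list of (component, version, affected) found in blob."""
    hits = set()
    for match in ZLIB_MARKER.finditer(blob):
        component = match.group(1).decode("ascii")
        version = match.group(2).decode("ascii")
        affected = parse_version(version) <= LAST_AFFECTED
        hits.add((component, version, affected))
    return sorted(hits)


def is_affected(blob):
    """True if any embedded zlib marker reports version 1.1.3 or earlier."""
    return any(affected for _, _, affected in find_embedded_zlib(blob))


def scan_file(path):
    """Read a file from disk and report the zlib markers it contains."""
    with open(path, "rb") as handle:
        return find_embedded_zlib(handle.read())


# Constructed sample inputs standing in for statically linked binaries.
SAMPLE_OLD = (b"\x7fELF\x00\x00pad\x00 inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00"
              b"\x00 deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \x00")
SAMPLE_FIXED = b"\x7fELF\x00 inflate 1.1.4 Copyright 1995-2002 Mark Adler \x00"
SAMPLE_NONE = b"\x7fELF\x00no compression code here\x00"

if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:
        # No paths given: show the result for the constructed samples.
        for name, blob in (("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED),
                           ("none", SAMPLE_NONE)):
            print(name, find_embedded_zlib(blob))
    for path in targets:
        for component, version, affected in scan_file(path):
            state = "AFFECTED (<= 1.1.3)" if affected else "not affected"
            print(f"{path}: zlib {component} {version}: {state}")
```

A file with no marker is not thereby clean: borrowed code may have had these strings removed, so a negative result still needs the vendor references listed above.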
