CVE-2005-2096
CVSS 7.5
Published: 2005-07-06 00:00:00
Revised: 2012-10-30 21:48:03

[Original] zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.


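[CNNVD] zlib buffer overflow vulnerability (CNNVD-200507-074)

        zlib is a compression library used by many applications; it provides data compression and decompression routines.
        A buffer overflow vulnerability exists in zlib 1.2 and later versions.
        A specially crafted stream containing an incorrect code description with a length greater than 1 causes a buffer overflow, which an attacker can exploit to crash the program.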

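- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]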

- CPE (affected platforms and products)

cpe:/a:gnu:zlib:1.2.2  GNU zlib 1.2.2
cpe:/a:gnu:zlib:1.2.1  GNU zlib 1.2.1
cpe:/a:gnu:zlib:1.2.0  GNU zlib 1.2

- OVAL (technical details for detection)

oval:org.mitre.oval:def:1542  zlib Compression Remote DoS Vulnerability (B.11.00/B.11.11)
oval:org.mitre.oval:def:1262  zlib Compression Remote DoS Vulnerability (B.11.23)
oval:org.mitre.oval:def:11500  zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete ...
*OVAL describes in detail how to detect this vulnerability; more technical detail on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2096
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2096
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-074
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/680620
(VENDOR_ADVISORY)  CERT-VN  VU#680620
http://www.securityfocus.com/bid/14162
(PATCH)  BID  14162
http://www.redhat.com/support/errata/RHSA-2005-569.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:569
http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200509-18
http://www.debian.org/security/2005/dsa-797
(VENDOR_ADVISORY)  DEBIAN  DSA-797
http://www.debian.org/security/2005/dsa-740
(VENDOR_ADVISORY)  DEBIAN  DSA-740
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1
(VENDOR_ADVISORY)  SUNALERT  101989
http://security.gentoo.org/glsa/glsa-200507-05.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200507-05
http://secunia.com/advisories/15949
(VENDOR_ADVISORY)  SECUNIA  15949
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
(VENDOR_ADVISORY)  FEDORA  FLSA:162680
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
(VENDOR_ADVISORY)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
http://www.vupen.com/english/advisories/2007/1267
(UNKNOWN)  VUPEN  ADV-2007-1267
http://www.vupen.com/english/advisories/2006/0144
(UNKNOWN)  VUPEN  ADV-2006-0144
http://www.vupen.com/english/advisories/2005/0978
(UNKNOWN)  VUPEN  ADV-2005-0978
http://www.ubuntulinux.org/support/documentation/usn/usn-148-1
(VENDOR_ADVISORY)  UBUNTU  USN-148-1
http://www.securityfocus.com/archive/1/archive/1/421411/100/0/threaded
(UNKNOWN)  HP  HPSBUX02090
http://www.redhat.com/support/errata/RHSA-2008-0629.html
(UNKNOWN)  REDHAT  RHSA-2008:0629
http://support.apple.com/kb/HT3298
(UNKNOWN)  CONFIRM  http://support.apple.com/kb/HT3298
http://securitytracker.com/id?1014398
(VENDOR_ADVISORY)  SECTRACK  1014398
http://secunia.com/advisories/32706
(UNKNOWN)  SECUNIA  32706
http://secunia.com/advisories/31492
(UNKNOWN)  SECUNIA  31492
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2005-08-15
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
(VENDOR_ADVISORY)  APPLE  APPLE-SA-2005-08-17
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
(UNKNOWN)  APPLE  APPLE-SA-2008-11-13
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-05:16.zlib
http://xforce.iss.net/xforce/xfdb/24064
(UNKNOWN)  XF  hpux-secure-shell-dos(24064)
http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
http://www.ubuntulinux.org/usn/usn-151-3
(UNKNOWN)  UBUNTU  USN-151-3
http://www.securityfocus.com/archive/1/archive/1/482950/100/0/threaded
(UNKNOWN)  BUGTRAQ  20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/archive/1/482949/100/0/threaded
(UNKNOWN)  BUGTRAQ  20071029 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/archive/1/482601/100/0/threaded
(UNKNOWN)  BUGTRAQ  20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/archive/1/482571/100/0/threaded
(UNKNOWN)  BUGTRAQ  20071020 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/archive/1/482505/100/0/threaded
(UNKNOWN)  BUGTRAQ  20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
http://www.securityfocus.com/archive/1/archive/1/482503/100/0/threaded
(UNKNOWN)  BUGTRAQ  20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/archive/1/464745/100/0/threaded
(UNKNOWN)  BUGTRAQ  20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
(UNKNOWN)  MANDRIVA  MDKSA-2006:070
http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
(UNKNOWN)  MANDRIVA  MDKSA-2005:196
http://www.mandriva.com/security/advisories?name=MDKSA-2005:112
(UNKNOWN)  MANDRAKE  MDKSA-2005:112
http://www.debian.org/security/2006/dsa-1026
(UNKNOWN)  DEBIAN  DSA-1026
http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
http://secunia.com/advisories/24788
(UNKNOWN)  SECUNIA  24788
http://secunia.com/advisories/19597
(UNKNOWN)  SECUNIA  19597
http://secunia.com/advisories/19550
(UNKNOWN)  SECUNIA  19550
http://secunia.com/advisories/18507
(UNKNOWN)  SECUNIA  18507
http://secunia.com/advisories/18406
(UNKNOWN)  SECUNIA  18406
http://secunia.com/advisories/18377
(UNKNOWN)  SECUNIA  18377
http://secunia.com/advisories/17516
(UNKNOWN)  SECUNIA  17516
http://secunia.com/advisories/17326
(UNKNOWN)  SECUNIA  17326
http://secunia.com/advisories/17236
(UNKNOWN)  SECUNIA  17236
http://secunia.com/advisories/17225
(UNKNOWN)  SECUNIA  17225
http://secunia.com/advisories/17054
(UNKNOWN)  SECUNIA  17054
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
(UNKNOWN)  SCO  SCOSA-2006.6

- Vulnerability information

zlib buffer overflow vulnerability
High risk  Buffer overflow
2005-07-06 00:00:00 2009-01-23 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        http://www.zlib.net/

- Vulnerability information (F60519)

vfd-zlib.txt (PacketStormID:F60519)
2007-10-30 00:00:00
Stefan Kanthak  
advisory
CVE-2005-2096

It appears that Virtual Floppy Drive is susceptible to an old zlib vulnerability associated with version 1.2.2.

The binary of the (presumably not widely used) Windows software
"Virtual Floppy Drive 2.1"
<http://chitchat.at.infoseek.co.jp/vmware/vfd.html>
ships with a vfd.dll that is statically linked against zlib 1.2.2
<http://www.zlib.net/> which is vulnerable to CAN-2005-2096.


A scan with ClamAV against the patterns published by Florian Weimer
at <http://www.enyo.de/fw/security/zlib-fingerprint/> verifies the
presence of the patterns of the vulnerable code:

| x:\>clamscan --database CAN-2005-2096.db
| VFD.DLL: CAN-2005-2096.zlib-1.2.2 FOUND
|
| ----------- SCAN SUMMARY -----------
| Known viruses: 16
| Engine version: 0.91.2
| Scanned directories: 1
| Scanned files: 1


The author and maintainer has been contacted twice via mail in
the last four weeks but chose not to respond at all.


Stefan Kanthak
    

- Vulnerability information (F60264)

curl-zlib.txt (PacketStormID:F60264)
2007-10-22 00:00:00
Stefan Kanthak  
advisory
windows
CVE-2005-2096

The Microsoft Windows binary of curl contains a vulnerable version of zlib.

The Windows binaries of "curl", built by the author and maintainer of
curl and available for download at <http://curl.haxx.se/download.html>
are linked with zlib 1.2.2 <http://www.zlib.net/>, which is
vulnerable to CAN-2005-2096:

| x:\>curl -V
| curl 7.17.0 (i586-pc-mingw32msvc) libcurl/7.17.0 zlib/1.2.2
| Protocols: tftp ftp telnet dict ldap http file
| Features: Largefile NTLM SSPI libz

A scan with ClamAV against the patterns published by Florian Weimer
at <http://www.enyo.de/fw/security/zlib-fingerprint/> verifies the
presence of the patterns of the vulnerable code:

| x:\>clamscan --database CAN-2005-2096.db
| CURL.EXE: CAN-2005-2096.zlib-1.2.2 FOUND
|
| ----------- SCAN SUMMARY -----------
| Known viruses: 16
| Engine version: 0.91.2
| Scanned directories: 1
| Scanned files: 1

Stefan Kanthak
    

- Vulnerability information (F60262)

gsview-zlib.txt (PacketStormID:F60262)
2007-10-22 00:00:00
Stefan Kanthak  
advisory
windows
CVE-2005-2096

The Microsoft Windows binary GSV48W32.EXE of gsview contains a vulnerable version of zlib.

The Windows binary GSV48W32.EXE of "gsview"
<http://pages.cs.wisc.edu/~ghost/gsview/>
<ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/ghostgum/gsv48w32.exe>
ships with a zlib32.dll (originally named zlib.dll) v1.2.2
<http://www.zlib.net/> which is vulnerable to CAN-2005-2096.

The zlib32.dll is dated 2005-03-06 (GSview 4.8 was released 2005-03-26),
i.e. before CAN-2005-2096 was published, so it's very likely that all
the binaries provided by the author will show a vulnerable zlib if they
contain one.

A scan with ClamAV against the patterns published by Florian Weimer
at <http://www.enyo.de/fw/security/zlib-fingerprint/> verifies the
presence of the patterns of the vulnerable code:

| x:\>clamscan --database CAN-2005-2096.db
| ZLIB32.DLL: CAN-2005-2096.zlib-1.2.2 FOUND
|
| ----------- SCAN SUMMARY -----------
| Known viruses: 16
| Engine version: 0.91.2
| Scanned directories: 1
| Scanned files: 1

Stefan Kanthak
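
A complementary check to the ClamAV scans in the three posts above, as an added example that is not part of the original posts and does not use Florian Weimer's code patterns: it searches binaries for the copyright banners that zlib compiles into its inflate and deflate code and flags the versions in this page's CPE list. The function names and the sample bytes are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Versions this page's CPE list marks as affected by CVE-2005-2096.
AFFECTED = {(1, 2, 0), (1, 2, 1), (1, 2, 2)}

# zlib embeds banners such as
#   " inflate 1.2.2 Copyright 1995-2004 Mark Adler "
#   " deflate 1.2.2 Copyright 1995-2004 Jean-loup Gailly "
# in its object code, so they survive static linking.
BANNER = re.compile(
    rb" (inflate|deflate) (\d+(?:\.\d+){1,3}) Copyright 1995-\d{4} "
    rb"(?:Mark Adler|Jean-loup Gailly)"
)


def parse_version(text):
    """Turn '1.2' or '1.2.2' into a tuple padded to three components."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def scan_bytes(data):
    """Return one finding per zlib banner found in a byte string."""
    findings = []
    for match in BANNER.finditer(data):
        version = match.group(2).decode("ascii")
        findings.append({
            "component": match.group(1).decode("ascii"),
            "version": version,
            "offset": match.start(),
            # Exact match against the CPE list only; versions the page
            # does not list (for example 1.2.2.4) are reported unflagged.
            "affected": parse_version(version) in AFFECTED,
        })
    return findings


def scan_tree(root):
    """Scan every readable file under root; map path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            hits = scan_bytes(path.read_bytes())
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if hits:
            report[str(path)] = hits
    return report


def sample_binary(version, year):
    """Constructed stand-in for a binary with zlib statically linked."""
    v, y = version.encode("ascii"), str(year).encode("ascii")
    return (
        b"MZ\x90\x00" + b"\x00" * 64
        + b" deflate " + v + b" Copyright 1995-" + y + b" Jean-loup Gailly \x00"
        + b"\x00" * 16
        + b" inflate " + v + b" Copyright 1995-" + y + b" Mark Adler \x00"
    )


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1])
    else:
        results = {"<constructed sample>": scan_bytes(sample_binary("1.2.2", 2004))}
    for name, hits in results.items():
        for hit in hits:
            flag = "AFFECTED" if hit["affected"] else "not listed"
            print(f"{name}: {hit['component']} {hit['version']} "
                  f"at offset {hit['offset']} [{flag}]")
```

A hit is a lead rather than proof: a vendor build that backported the fix can still carry the 1.2.2 banner, and a build with the banner stripped will not match.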
    

- Vulnerability information (F55667)

VMware Security Advisory 2007-0003 (PacketStormID:F55667)
2007-04-05 00:00:00
VMware  vmware.com
advisory
CVE-2005-3011,CVE-2006-4810,CVE-2007-1270,CVE-2007-1271,CVE-2005-2096,CVE-2005-1849,CVE-2003-0107,CVE-2005-1704

VMware Security Advisory - ESX 3.0.1 and 3.0.0 patches address several security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2007-0003
Synopsis:          VMware ESX 3.0.1 and 3.0.0 server security updates
Issue date:        2007-04-02
Updated on:        2007-04-02
CVE numbers:       CVE-2005-3011 CVE-2006-4810 CVE-2007-1270
                   CVE-2007-1271 CVE-2005-2096 CVE-2005-1849
                   CVE-2003-0107 CVE-2005-1704
- -------------------------------------------------------------------

1. Summary:

ESX 3.0.1 and 3.0.0 patches address several security issues.

2. Relevant releases:

VMware ESX 3.0.1 without patches ESX-2559638, ESX-1161870, ESX-3416571,
ESX-5011126, ESX-7737432, ESX-7780490, ESX-8174018, ESX-8852210,
ESX-9617902, ESX-9916286

VMware ESX 3.0.0 without patches ESX-1121906, ESX-131737, ESX-1870154,
ESX-392718, ESX-4197945, ESX-4921691, ESX-5752668, ESX-7052426, ESX-3616065

3. Problem description:

Problems addressed by these patches:

a.   texinfo service console update

     Updated texinfo packages for the service console fix two security
     vulnerabilities are now available.  A buffer overflow in the
     program texinfo could allow a local user to execute arbitrary code in
     the service console via a crafted texinfo file.  And could allow a
     local user to overwrite arbitrary files via a symlink attack on
     temporary files.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the names CVE-2005-3011 and CVE-2006-4810 to these
     issues.

     ESX 301 Download Patch ESX-2559638
     ESX 300 Download Patch ESX-1121906

b.   This bundle is a group of patches to resolve two possible security
issues.

     They are as follows:
     A VMware internal security audit revealed a double free condition.
     It may be possible for an attacker to influence the operation of
     the system. In most circumstances, this influence will be limited
     to denial of service or information leakage, but it is
     theoretically possible for an attacker to insert arbitrary code
     into a running program. This code would be executed with the
     permissions of the vulnerable program.  There are no known exploits
     for this issue.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2007-1270 to this issue.

     A VMware internal security audit revealed a potential buffer
     overflow condition. There are no known vulnerabilities, but such
     vulnerabilities may be used to elevate privileges or to crash the
     application and thus cause a denial of service.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2007-1271 to this issue.

     The following patches are contained within this bundle:

     ESX 301                      ESX 300
     -------                     --------
     ESX-1161870                  ESX-131737
     ESX-3416571                  ESX-1870154
     ESX-5011126                  ESX-392718
     ESX-7737432                  ESX-4197945
     ESX-7780490                  ESX-4921691
     ESX-8174018                  ESX-5752668
     ESX-8852210                  ESX-7052426
     ESX-9617902                  ESX-9976400

     ESX 301 Download Patch Bundle ESX-6431040
     ESX 300 Download Patch Bundle ESX-5754280

c.   This patch updates internally used zlib libraries in order to
     address potential security issues with older versions of this
     library.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the names CVE-2005-2096, CVE-2005-1849, CVE-2003-0107
     to these issues.

     ESX 301 Download Patch ESX-9916286
     ESX 300 Download Patch ESX-3616065

d.  binutils service console update

     NOTE: This vulnerability and update only apply to ESX 3.0.0.

     An integer overflow in the Binary File Descriptor (BFD) library for
     the GNU Debugger before version 6.3, binutils, elfutils, and
     possibly other packages, allows user-assisted attackers to execute
     arbitrary code via a crafted object file that specifies a large
     number of section headers, leading to a heap-based buffer overflow.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2005-1704 to this issue.

     ESX 300 Download Patch ESX-55052

4. Solution:

Please review the Patch notes for your version of ESX and verify the
md5sum of your downloaded file.

  ESX 3.0.1
  http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
  md5sum 9ee9d9769dfe2668aa6a4be2df284ea6

  http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
  md5sum ef6bc745b3d556e0736fd39b8ddc8087

  http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
  md5sum 7b98cfe1b2e0613c368d4080dcacccb8

  ESX 3.0.0
  http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
  md5sum 8d45e36ec997707ebe68d84841026fef

  http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
  md5sum 02c5bcccea156dd0db93177e5e3fab8b

  http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
  md5sum 90e4face2edaab07080531a37a49ec01

  http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
  md5sum 82b3c7e18dd1422f30c4aa9e477c6a27

5. References:

  ESX 3.0.1

Patch URL:http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
Knowledge base URL:http://kb.vmware.com/kb/2559638
Knowledge base URL:http://kb.vmware.com/kb/6431040
Knowledge base URL:http://kb.vmware.com/kb/9916286

  ESX 3.0.0

Patch URL:http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
Knowledge base URL:http://kb.vmware.com/kb/55052
Knowledge base URL:http://kb.vmware.com/kb/1121906
Knowledge base URL:http://kb.vmware.com/kb/3616065
Knowledge base URL:http://kb.vmware.com/kb/55052


  CVE numbers

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704

6. Contact:

http://www.vmware.com/security

VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail:  security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.
    

- Vulnerability information (F42971)

HP Security Bulletin 2005-10.58 (PacketStormID:F42971)
2006-01-11 00:00:00
Hewlett Packard,HP  hp.com
advisory,remote,denial of service,shell
hpux
CVE-2005-2096,CVE-2005-2798

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a Denial of Service (DoS).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00589050

Version: 1

HPSBUX02090 SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of
Service (DoS)

NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.

Release Date: 2006-01-05
Last Updated: 2006-01-09

Potential Security Impact: Remote Denial of Service (DoS).

Source: Hewlett-Packard Company,
        HP Software Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with HP-UX
running Secure Shell. The vulnerability could be remotely
exploited to allow a remote unauthorized user to create a Denial
of Service (DoS).

References: CVE-2005-2096, CAN-2005-2798

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.00, B.11.11, B.11.23.

BACKGROUND

To determine if an HP-UX system has an affected version, search
the output of "swlist -a revision -l fileset" for one of the
filesets listed below. For affected systems verify that the
recommended action has been taken.

AFFECTED VERSIONS

HP-UX B.11.00
HP-UX B.11.11
===========
Secure_Shell.SECURE_SHELL
action:install revision A.04.20.004 or subsequent

HP-UX B.11.23
===========
Secure_Shell.SECURE_SHELL
action:install revision A.04.20.005 or subsequent

END AFFECTED VERSIONS

RESOLUTION

HP is providing the following HP-UX Secure Shell (T1471AA) updates
to resolve this potential vulnerability. These updates can be
downloaded from http://software.hp.com

HP-UX B.11.00 - HP-UX Secure Shell A.04.20.004
HP-UX B.11.11 - HP-UX Secure Shell A.04.20.004
HP-UX B.11.23 - HP-UX Secure Shell A.04.20.005

The HP-UX Secure Shell A.04.20.004 and A.04.20.005 are based on
OpenSSH 4.2p1, including the following libraries: zlib1.2.3,
OpenSSL v0.9.7i and TCP Wrappers v7.6.

MANUAL ACTIONS: Yes - Update
Download and install the appropriate update from
http://software.hp.com

PRODUCT SPECIFIC INFORMATION

HP-UX Security Patch Check: Security Patch Check revision B.02.00
analyzes all HP-issued Security Bulletins to provide a subset of
recommended actions that potentially affect a specific HP-UX
system. For more information:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY:
Version: 1 (rev.1) 09 January 2006 Initial release


Support: For further information, contact normal HP Services
support channel.

Report: To report a potential security vulnerability with any HP
supported product, send Email to: security-alert@hp.com.  It is
strongly recommended that security related information being
communicated to HP be encrypted using PGP, especially exploit
information.  To get the security-alert PGP key, please send an
e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key

Subscribe: To initiate a subscription to receive future HP
Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and
    continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and
    save.

To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page:
  Subscriber's choice for Business: sign-in.
On the web page:
  Subscriber's Choice: your profile summary
    - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters of the
Bulletin number in the title:

    GN = HP General SW,
    MA = HP Management Agents,
    MI = Misc. 3rd party SW,
    MP = HP MPE/iX,
    NS = HP NonStop Servers,
    OV = HP OpenVMS,
    PI = HP Printing & Imaging,
    ST = HP Storage SW,
    TL = HP Trusted Linux,
    TU = HP Tru64 UNIX,
    UX = HP-UX,
    VV = HP Virtual Vault


System management and security procedures must be reviewed
frequently to maintain system integrity. HP is continually
reviewing and enhancing the security features of software products
to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to
bring to the attention of users of the affected HP products the
important security information contained in this Bulletin. HP
recommends that all users determine the applicability of this
information to their individual situations and take appropriate
action. HP does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HP
will not be responsible for any damages resulting from user's use
or disregard of the information provided in this Bulletin. To the
extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability
and fitness for a particular purpose, title and non-infringement."


(c)Copyright 2006 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
provided is provided "as is" without warranty of any kind. To the
extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special
or consequential damages including downtime cost; lost profits;
damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration.
The information in this document is subject to change without
notice. Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners.

    

- Vulnerability information (F41077)

Ubuntu Security Notice 151-3 (PacketStormID:F41077)
2005-10-31 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,code execution
linux,ubuntu
CVE-2005-1849,CVE-2005-2096

Ubuntu Security Notice USN-151-3 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues.

===========================================================
Ubuntu Security Notice USN-151-3	   October 28, 2005
aide vulnerabilities
CVE-2005-1849, CVE-2005-2096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

aide

The problem can be corrected by upgrading the affected package to
version 0.10-3ubuntu0.1 (for Ubuntu 4.10), 0.10-4ubuntu0.1 (for Ubuntu
5.04), or 0.10-6.1ubuntu0.1 (for Ubuntu 5.10).  In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
be exploited to cause Denial of Service attacks or even arbitrary code
execution with malicious data streams.

Since aide is statically linked against the zlib library, it is also
affected by these issues. The updated packages have been rebuilt
against the fixed zlib.

Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1.diff.gz
      Size/MD5:    28081 d569b7974a6204481346128876a0a530
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1.dsc
      Size/MD5:      703 cc5158a58a35e46dfc0bee0b0a34380b
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10.orig.tar.gz
      Size/MD5:   234184 39eb7d21064cac7b409c45d038b86cd8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1_amd64.deb
      Size/MD5:   413050 086e1a2279c3cd8ac1b6a2414d48ce18

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1_i386.deb
      Size/MD5:   398942 07096e82a51ee10ce965571e08342952

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1_powerpc.deb
      Size/MD5:   430230 77d787a8f00bf5058b21010a2c52acfa

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1.diff.gz
      Size/MD5:    29359 366869464761485ef3d29915ae294ab1
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1.dsc
      Size/MD5:      703 28126aa389a49cc5354e6c704237b334
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10.orig.tar.gz
      Size/MD5:   234184 39eb7d21064cac7b409c45d038b86cd8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1_amd64.deb
      Size/MD5:   465630 63bc8c81c424d4bfb00c233a2e97695d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1_i386.deb
      Size/MD5:   431590 109018a99a6588f7f48ee8be595bf2b6

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1_powerpc.deb
      Size/MD5:   471800 73571a01182d41ec0f5ce73cd5b8cdbc

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1.diff.gz
      Size/MD5:    36588 1428d11ede7d4d4996b9f6d719aa9557
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1.dsc
      Size/MD5:      763 715edd426517405c0f81feff1e7511c7
    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10.orig.tar.gz
      Size/MD5:   234184 39eb7d21064cac7b409c45d038b86cd8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1_amd64.deb
      Size/MD5:   513230 9a1477b093630a538262a137d7c37730

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1_i386.deb
      Size/MD5:   451422 41c84d68e6e4e69fe919109e00576051

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1_powerpc.deb
      Size/MD5:   581134 df0712d4d04b4854243c01f7696eb0c5
    

- Vulnerability information (F39818)

Debian Linux Security Advisory 797-1 (PacketStormID:F39818)
2005-09-05 00:00:00
Debian  debian.org
advisory,local
linux,debian
CVE-2005-1849,CVE-2005-2096

Debian Security Advisory DSA 797-1 - zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 797-1                     security@debian.org
http://www.debian.org/security/                              Michael Stone
September 1st, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : zsync
Vulnerability  : DOS
Problem-Type   : buffer overflow
Debian-specific: no
CVE ID         : CAN-2005-1849, CAN-2005-2096

zsync, a file transfer program, includes a modified local copy of
the zlib library, and is vulnerable to certain bugs fixed previously
in the zlib package.

The old stable distribution (woody) does not contain the zsync
package.

For the stable distribution (sarge) this problem has been fixed in
version 0.3.3-1.sarge.1.

For the unstable distribution (sid) this problem has been fixed in
version 0.4.0-2.

We recommend that you upgrade your zsync package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.dsc
      Size/MD5 checksum:      742 38abbfacbf93f57692641a0f257abe4e
    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.diff.gz
      Size/MD5 checksum:     6213 224eae057a1eebdd3ffe16e6e3d584e6
    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3.orig.tar.gz
      Size/MD5 checksum:   241726 71efef80525276990cf8af97ee2b8f97

  Alpha architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_alpha.deb
      Size/MD5 checksum:   120612 0efd2b252f7a2eebac03d04aee7bff87

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_amd64.deb
      Size/MD5 checksum:    99560 ede8508b5d555b6be89c5adbbea49c20

  ARM architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_arm.deb
      Size/MD5 checksum:   100420 713b7d689f4ccdf4317c255dd0de7e6f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_i386.deb
      Size/MD5 checksum:    98414 bb4ff605c6e3b94f23dd0986ca55e450

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_ia64.deb
      Size/MD5 checksum:   139370 91cef962076eb5d66ddda86e1ca1e8f8

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_hppa.deb
      Size/MD5 checksum:   105062 ba01f3b644ea1be05e51d3d07b00d363

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_m68k.deb
      Size/MD5 checksum:    85176 ec83816290778ca23005cbcf001962ed

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_mips.deb
      Size/MD5 checksum:   106840 bdd9b5d16ed84330292a97eb01deb381

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_mipsel.deb
      Size/MD5 checksum:   107912 bf7c5dfcac00e250efefe59959f47deb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_powerpc.deb
      Size/MD5 checksum:   100460 7126e64533e31ccd1be3302772ca4158

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_s390.deb
      Size/MD5 checksum:   103472 b9712abdbaa529ab5ed20854b5b70406

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_sparc.deb
      Size/MD5 checksum:    98614 534233dd79188ea592f23a0b00f5d524


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    

- Vulnerability information (F39035)

Gentoo Linux Security Advisory 200508-1 (PacketStormID:F39035)
2005-08-05 00:00:00
Gentoo  security.gentoo.org
advisory,overflow,local
linux,gentoo
CVE-2005-1849,CVE-2005-2096

Gentoo Linux Security Advisory GLSA 200508-01 - Compress::Zlib 1.34 contains a local vulnerable version of zlib, which may lead to a buffer overflow. Versions less than 1.35 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Compress::Zlib: Buffer overflow
      Date: August 01, 2005
      Bugs: #100540
        ID: 200508-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Compress::Zlib is vulnerable to a buffer overflow which could
potentially lead to execution of arbitrary code.

Background
==========

Compress::Zlib is a Perl module which provides an interface to the
zlib compression library.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  dev-perl/Compress-Zlib       < 1.35                       >= 1.35

Description
===========

Compress::Zlib 1.34 contains a local vulnerable version of zlib, which
may lead to a buffer overflow.

Impact
======

By creating a specially crafted compressed data stream, attackers can
overwrite data structures for applications that use Compress::Zlib,
resulting in a Denial of Service and potentially arbitrary code
execution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Compress::Zlib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-perl/Compress-Zlib-1.35"

References
==========

  [ 1 ] GLSA 200507-19
        http://www.gentoo.org/security/en/glsa/glsa-200507-19.xml
  [ 2 ] GLSA 200507-05
        http://www.gentoo.org/security/en/glsa/glsa-200507-05.xml
  [ 3 ] CAN-2005-1849
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849
  [ 4 ] CAN-2005-2096
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information (F39022)

Gentoo Linux Security Advisory 200507-28 (PacketStormID:F39022)
2005-08-05 00:00:00
Gentoo  security.gentoo.org
advisory,overflow,x86
linux,gentoo
CVE-2005-1849,CVE-2005-2096

Gentoo Linux Security Advisory GLSA 200507-28 - Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Versions less than 2.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: AMD64 x86 emulation base libraries: Buffer overflow
      Date: July 30, 2005
      Bugs: #100686
        ID: 200507-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The x86 emulation base libraries for AMD64 contain a vulnerable version
of zlib which could potentially lead to execution of arbitrary code.

Background
==========

The x86 emulation base libraries for AMD64 emulate the x86 (32-bit)
architecture on the AMD64 (64-bit) architecture.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  emul-linux-x86-baselibs        < 2.2                       >= 2.2
    -------------------------------------------------------------------
     # Package 1 only applies to AMD64 users.

Description
===========

Earlier versions of emul-linux-x86-baselibs contain a vulnerable
version of zlib, which may lead to a buffer overflow.

Impact
======

By creating a specially crafted compressed data stream, attackers can
overwrite data structures for applications that use the x86 emulation
base libraries for AMD64, resulting in a Denial of Service and
potentially arbitrary code execution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All AMD64 x86 emulation base libraries users should upgrade to the
latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-2.2"

References
==========

  [ 1 ] GLSA 200507-05
        http://www.gentoo.org/security/en/glsa/glsa-200507-05.xml
  [ 2 ] GLSA 200507-19
        http://www.gentoo.org/security/en/glsa/glsa-200507-19.xml
  [ 3 ] CAN-2005-1849
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849
  [ 4 ] CAN-2005-2096
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-28.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability information (F38503)

Gentoo Linux Security Advisory 200507-5 (PacketStormID:F38503)
2005-07-07 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-2096

Gentoo Linux Security Advisory GLSA 200507-05 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed deflate data stream to overrun a buffer. Versions less than 1.2.2-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: zlib: Buffer overflow
      Date: July 06, 2005
      Bugs: #98121
        ID: 200507-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow has been discovered in zlib, potentially resulting in
the execution of arbitrary code.

Background
==========

zlib is a widely used free and patent unencumbered data compression
library.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  sys-libs/zlib     < 1.2.2-r1                          >= 1.2.2-r1

Description
===========

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
buffer overflow in zlib. A bounds checking operation failed to take
invalid data into account, allowing a specifically malformed deflate
data stream to overrun a buffer.

Impact
======

An attacker could construct a malformed data stream, embedding it
within network communication or an application file format, potentially
resulting in the execution of arbitrary code when decoded by the
application using the zlib library.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All zlib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.2-r1"

References
==========

  [ 1 ] CAN-2005-2096
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


    

- Vulnerability information

17827
zlib inftrees.c Crafted Compressed Stream Overflow DoS
Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Vendor Verified

- Vulnerability description

- Timeline

2005-07-07 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Zlib Compression Library Buffer Overflow Vulnerability
Boundary Condition Error 14162
Yes No
2005-07-06 12:00:00 2008-11-13 11:14:00
Tavis Ormandy of the Gentoo Linux Security Audit Team is credited with the discovery of this vulnerability.

- Affected program versions

zsync zsync 0.4
zsync zsync 0.3.3
zsync zsync 0.3.2
zsync zsync 0.3.1
zsync zsync 0.3
zsync zsync 0.2.3
zsync zsync 0.2.2
zsync zsync 0.2.1
zsync zsync 0.2
zsync zsync 0.1.6
zsync zsync 0.1.5
zsync zsync 0.1.4
zsync zsync 0.1.3
zsync zsync 0.1.2
zsync zsync 0.1.1
zsync zsync 0.1
zsync zsync 0.0.6
zsync zsync 0.0.5
zsync zsync 0.0.4
zsync zsync 0.0.3
zsync zsync 0.0.2
zsync zsync 0.0.1
zlib zlib 1.2.2
zlib zlib 1.2.1
zlib zlib 1.2 .0.7
zlib zlib 1.1.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ GLT GLT 0.6
+ NetBSD NetBSD 1.6
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
- NullSoft Winamp 2.79
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ Sun Cobalt Qube 3
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ XTR
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
+ Sun Linux 5.0
zlib zlib 1.1.3
zlib zlib 1.1.2
zlib zlib 1.1.1
zlib zlib 1.1
zlib zlib 1.0.9
zlib zlib 1.0.8
zlib zlib 1.0.7
zlib zlib 1.0.6
zlib zlib 1.0.5
zlib zlib 1.0.4
- XFree86 X11R6 3.3.6
- XFree86 X11R6 3.3.5
- XFree86 X11R6 3.3.4
- XFree86 X11R6 3.3.3
- XFree86 X11R6 3.3.2
- XFree86 X11R6 3.3
zlib zlib 1.0.3
zlib zlib 1.0.2
zlib zlib 1.0.1
zlib zlib 1.0
VMWare ESX Server 3.0.1
VMWare ESX Server 3.0
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Trolltech Qt 3.3.4
Trolltech Qt 3.3.3
Trolltech Qt 3.3.2
Trolltech Qt 3.3.1
Trolltech Qt 3.3 .0
Trolltech Qt 3.2.3
Trolltech Qt 3.2.1
Trolltech Qt 3.1.2
Trolltech Qt 3.1.1
Trolltech Qt 3.1
Trolltech Qt 3.0.5
Trolltech Qt 3.0.3
Trolltech Qt 3.0
Trolltech Qt 2.3.1
Sun Solaris 9_x86 Update 2
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10.0_x86
Sun Solaris 10
Sun Java Enterprise System 2005Q1
Sun Java Enterprise System 2004Q2
Sun Java Enterprise System 2003Q4
+ Sun Solaris 9
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux -current
SCO Unixware 7.1.4
SCO Unixware 7.1.3
SCO Open Server 6.0
SCO Open Server 5.0.7
SCO Open Server 5.0.6 a
SCO Open Server 5.0.6
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
Russell Lang GSview 4.8
RedHat RPM 4.4.1
+ Red Hat Fedora Core4
RedHat Network Satellite (for RHEL 4) 5.1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Red Hat Network Satellite Server 5.0
Red Hat Red Hat Network Satellite Server 4.2
Red Hat Fedora Core4
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG Current
OpenBSD OpenBSD 3.7
OpenBSD OpenBSD 3.6
OpenBSD OpenBSD 3.5
MySQL AB MySQL 4.1.5
MySQL AB MySQL 4.1.4
MySQL AB MySQL 4.1.3 -beta
MySQL AB MySQL 4.1.3 -beta
MySQL AB MySQL 4.1.3 -0
MySQL AB MySQL 4.1.2 -alpha
MySQL AB MySQL 4.0.24
MySQL AB MySQL 4.0.21
MySQL AB MySQL 4.0.20
MySQL AB MySQL 4.0.18
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
MySQL AB MySQL 4.0.15
MySQL AB MySQL 4.0.14
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG Current
+ Trustix Secure Linux 2.0
MySQL AB MySQL 4.0.13
MySQL AB MySQL 4.0.12
MySQL AB MySQL 4.0.11 -gamma
MySQL AB MySQL 4.0.11
MySQL AB MySQL 4.0.10
MySQL AB MySQL 4.0.9 -gamma
MySQL AB MySQL 4.0.9
MySQL AB MySQL 4.0.8 -gamma
MySQL AB MySQL 4.0.8
MySQL AB MySQL 4.0.7 -gamma
MySQL AB MySQL 4.0.7
MySQL AB MySQL 4.0.6
MySQL AB MySQL 4.0.5 a
MySQL AB MySQL 4.0.5
MySQL AB MySQL 4.0.4
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 4.1.10a
MySQL AB MySQL 4.1.0.0-alpha
MySQL AB MySQL 4.1.0-0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Ken Kato Virtual Floppy Drive 2.1
IPCop IPCop 1.4.6
IPCop IPCop 1.4.5
IPCop IPCop 1.4.4
IPCop IPCop 1.4.2
IPCop IPCop 1.4.1
HP HP-UX 11.23
HP HP-UX 11.11
HP HP-UX 11.0
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FileZilla FileZilla Server 0.9.8 c
FileZilla FileZilla Server 0.9.8 b
FileZilla FileZilla Server 0.9.8 a
FileZilla FileZilla Server 0.9.8
FileZilla FileZilla Server 0.7.1
FileZilla FileZilla Server 0.7
FileZilla FileZilla Server 0.9.6
FileZilla FileZilla Server 0.9.5
FileZilla FileZilla Server 0.9.4e
FileZilla FileZilla Server 0.9.4d
FileZilla FileZilla Server 0.9.3
FileZilla FileZilla Server 0.9.2
FileZilla FileZilla Server 0.9.1b
FileZilla FileZilla Server 0.9.0
FileZilla FileZilla Server 0.8.9
FileZilla FileZilla Server 0.8.8
FileZilla FileZilla Server 0.8.7
FileZilla FileZilla Server 0.8.6a
FileZilla FileZilla Server 0.8.5
FileZilla FileZilla Server 0.8.4
FileZilla FileZilla Server 0.8.3
FileZilla FileZilla Server 0.8.2
FileZilla FileZilla Server 0.8.1
Ethereal Group Ethereal 0.10.11
Ethereal Group Ethereal 0.10.9
+ Gentoo Linux
Ethereal Group Ethereal 0.10.8
Ethereal Group Ethereal 0.10.7
Ethereal Group Ethereal 0.10.6
Ethereal Group Ethereal 0.10.5
Ethereal Group Ethereal 0.10.4
Ethereal Group Ethereal 0.10.3
Ethereal Group Ethereal 0.10.2
Ethereal Group Ethereal 0.10.1
Ethereal Group Ethereal 0.10 .10
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Ethereal Group Ethereal 0.10
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
David Ingalls Bell Sash 3.7
David Ingalls Bell Sash 3.6
David Ingalls Bell Sash 3.4
Daniel Stenberg curl 7.17
CVS CVS 1.12.12
Conectiva Linux 10.0
Avaya Predictive Dialing System (PDS) 12.0
Apple Safari 3.1.1
Apple Safari 3.0.3 Beta
Apple Safari 3.0.1 Beta
Apple Safari 3.1
Apple Safari 3 Beta
Apple Safari 3
Apple Mac OS X Server 10.4.2
Apple Mac OS X 10.4.2
AIDE AIDE 0.10

- Unaffected program versions

zsync zsync 0.4.1
zlib zlib 1.2.3
Trolltech Qt 3.3.5
MySQL AB MySQL 4.1.13
FileZilla FileZilla Server 0.9.9
Ethereal Group Ethereal 0.10.12
CVS CVS 1.12.13
Apple Safari 3.1.2

- Vulnerability discussion

Zlib is prone to a buffer-overflow vulnerability because the application fails to properly validate input data before using it in a memory copy operation.

In certain circumstances, malformed input data during decompression may cause a memory buffer to overflow. This may result in denial-of-service conditions or may allow remote code to execute in the context of applications that use the affected library.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Please see the referenced advisories for further information.



- References

 

 
