SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Zlib Vendors:   GNU [multiple authors]
(NetBSD Base Not Affected; Fix Available for pkgsrc) Zlib Buffer Overflow in inflate_table() May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1014445
SecurityTracker URL:  http://securitytracker.com/id/1014445
CVE Reference:   CVE-2005-2096   (Links to External Site)
Date:  Jul 11 2005
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.2.2
Description:   A buffer overflow was reported in zlib in the processing of compressed data streams. A remote user may be able to cause denial of service conditions or execute arbitrary code on the target system.

A user can create a specially crafted compressed data stream that, when processed by an application using zlib, will trigger an overflow in the inflate_table() function and cause the application to crash or execute arbitrary code.

The vulnerability resides in 'inftrees.c'.

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered this vulnerability.

Impact:   A user can cause an application using zlib to crash or execute arbitrary code. The specific impact depends on the application.
Solution:   NetBSD has issued a Security Note indicating that NetBSD Base is not affected by this vulnerability.

Version 1.2.2 available from pkgsrc is vulnerable. A fixed version (1.2.2nb1) is now available from pkgsrc.

Vendor URL:  www.zlib.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (NetBSD)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 6 2005 Zlib Buffer Overflow in inflate_table() May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  NetBSD Security Advisory NetBSD-SN20050708-1: NetBSD base system not



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


		 NetBSD Security Note 20050708-1
		 ===============================

Topic:		NetBSD base system not vulnerable to zlib overflow
		pkgsrc did provide vulnerable versions

A zlib buffer overflow has been announced. 

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2096
 
The NetBSD Security Officer team was aware of this issue, and would 
like to reassure users that the NetBSD base system is not vulnerable. 

The bug was introduced in changes to zlib after 1.1.4, the latest
version supplied in the base install of NetBSD.

The vulnerable version, 1.2.2 has been available from pkgsrc. 

Users of the audit-packages tool will already have noticed that version
is marked as vulnerable, and the 1.2.2nb1 update addresses the issue.

Other pkgsrc users are encouraged to update devel/zlib to 1.2.2nb1, as
well as to take advantage of the security/audit-packages infrastructure.


Thanks To
=========

Tavis Ormandy
Colin Percival
Mark Adler
Matthias Drochner
Matthias Scheler

More Information
================

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.

Copyright 2005, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SN20050708-1.txt,v 1.1 2005/07/08 15:54:11 david Exp $

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)

iQCVAwUBQs6+TD5Ru2/4N2IFAQI9HAQAvT7R6nDbr+xDroAXYkZrs2zdI9gkIStc
UswbbKNP1G8D90h4nIKrXtvNyG+e4squRtawLB06Fylu+OkielUWeTPIzzwmef0V
qWqWBxg1EWM2WigyDS/SmA6lrQt+dgJ4bfX0IiwakBItdM6v5yScB9svI4qi0aNl
n8+PU7IvbGU=
=PWU8
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC