SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Zlib Vendors:   GNU [multiple authors]
Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
SecurityTracker Alert ID:  1011085
SecurityTracker URL:  http://securitytracker.com/id/1011085
CVE Reference:   CVE-2004-0797   (Links to External Site)
Date:  Aug 30 2004
Impact:   Denial of service via local system, Denial of service via network
Vendor Confirmed:  Yes  
Version(s): 1.2 - 1.2.1
Description:   A vulnerability was reported in zlib. A remote user can cause denial of service conditions.

Johan Thelmen reported that a specially crafted file can cause a segmentation fault in zlib.

It is reported that the inflate() and inflateBack() functions do not properly handle errors.

Impact:   A user can create a file that when processed by zlib, will cause a segmentation fault. The specific impact depends on the application using zlib.
Solution:   No upstream solution was available at the time of this entry.
Vendor URL:  www.gzip.org/zlib/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 30 2004 (Gentoo Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
Gentoo has released a fix.
Aug 30 2004 (OpenBSD Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
OpenBSD has issued a fix.
Aug 30 2004 (FileZilla Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
FileZilla is affected by the zlib vulnerability.
Sep 3 2004 (SuSE Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
SuSE has released a fix.
Sep 8 2004 (Mandrake Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
Mandrake has released a fix.
Sep 15 2004 (Conectiva Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
Conectiva has released a fix.
Oct 4 2004 (Slackware Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
Slackware has released a fix.
Oct 19 2004 (SCO Issues Fix for UnixWare) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
SCO has issued a fix for UnixWare 7.1.3 and 7.1.4.
Nov 3 2004 (Vendor Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
The vendor has issued a fixed version.
Dec 29 2004 (Conectiva Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
Conectiva has released a fix.



 Source Message Contents

Subject:  SIGSEGV in zlib1g 1.2.1.1-3 with pwzip-file


Package: zlib1g
Version: 1.2.1.1-3
Severity: important

Debian verison 0.70 and also in clamscan / ClamAV version devel-20040602
ii  zlib1g                       1.2.1.1-3

With zlib1g_1.1.4-1.0woody0_i386.deb it is working.


inflate_table (type=LENS, lens=0x8c24c08, codes=281, table=0x8c24c04, bits=0x8c24bec, work=0x8c24e88) at inftrees.c:110
110             count[lens[sym]]++;
(gdb) bt
#0  inflate_table (type=LENS, lens=0x8c24c08, codes=281, table=0x8c24c04, bits=0x8c24bec, work=0x8c24e88) at inftrees.c:110
#1  0x4006745b in inflate (strm=0x8054db8, flush=0) at inflate.c:868
#2  0x400273d9 in zzip_file_read (fp=0x8054d90, buf=0x0, len=146951176) at zziplib/zzip-file.c:391
#3  0x4002169b in cli_scanzip (desc=7, virname=0xbffff7a8, scanned=0x80529dc, root=0x805b198, limits=0x8c27338, options=9,
    reclev=0xbffff784) at scanners.c:457
#4  0x40023139 in cli_magic_scandesc (desc=7, virname=0xbffff7a8, scanned=0x80529dc, root=0x805b198, limits=0x8c27338, options=9,
    reclev=0xbffff784) at scanners.c:1072
#5  0x40023362 in cl_scandesc (desc=146951176, virname=0x8c24c08, scanned=0x8c24c08, root=0x8c24c08, limits=0x8c24c08,
    options=146951176) at scanners.c:1136
#6  0x0804dac8 in checkfile (filename=0x8054c08 "3556419.4495.BKSO1kjuV", root=0x8c24c08, limits=0x8c24c08, options=146951176)
    at manager.c:832
#7  0x0804ca05 in scanfile (filename=0x8054c08 "3556419.4495.BKSO1kjuV", root=0x805b198, user=0x401f3f58, opt=0x8053008,
    limits=0x8c27338) at manager.c:513
#8  0x0804bdad in scanmanager (opt=0x8053008) at manager.c:307
#9  0x0804ab43 in clamscan (opt=0x8053008) at clamscan.c:147
#10 0x0804b2b8 in main (argc=2, argv=0xbffffb54) at options.c:149

-- 
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC