Vulnerability Note VU#680620

zlib inflate() routine vulnerable to buffer overflow

Overview

A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate.

I. Description

There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate() routine. If an attacker supplies the inflate() routine with a specially crafted compressed data stream, that attacker may be able to trigger the buffer overflow, causing any application linked to zlib, or incorporating zlib code, to crash. According to reports, the buffer overflow is caused by a specific input stream and results in a constant value being written into an arbitrary memory location. This vulnerability may be exploited locally or remotely, depending on the application being attacked.

This vulnerability only affects zlib versions 1.2.1 and 1.2.2.

II. Impact

A remote attacker may be able to exploit this vulnerability by supplying the inflate() routine with specially crafted compressed data. As a result, applications linked to the zlib library may abruptly and abnormally terminate, resulting in a denial-of-service condition. According to public reports, this vulnerability can be exploited to execute arbitrary code, but we have not confirmed this.

III. Solution

Apply patches from your vendor


The zlib compression library is freely available and used by many vendors in a wide variety of applications. As a result, any one of these applications may contain this vulnerability. Users are encouraged to contact their vendors to determine if they are vulnerable and what action to take.
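Because applications may incorporate zlib code directly rather than link to a shared library, a package inventory alone can miss affected copies. The following added example (not part of the original note and not US-CERT or zlib project code) scans a binary for the copyright string that zlib's inflate code embeds and flags versions 1.2.1 and 1.2.2; the function names and sample byte strings are constructed for illustration, and the check is a heuristic that assumes the string has not been stripped or altered.

```python
import re
import sys

# Versions this note lists as affected.
AFFECTED = {"1.2.1", "1.2.2"}

# zlib's inflate code carries a copyright string such as
# " inflate 1.2.2 Copyright 1995-2004 Mark Adler ", which survives static
# linking. Heuristic: stripped or modified builds may not contain it.
INFLATE_TAG = re.compile(rb" inflate (\d+(?:\.\d+){1,3})[\w.\-]* Copyright ")


def embedded_inflate_versions(blob):
    """Return the distinct inflate version strings found in a binary blob."""
    found = []
    for match in INFLATE_TAG.finditer(blob):
        version = match.group(1).decode("ascii")
        if version not in found:
            found.append(version)
    return found


def affected_versions(blob):
    """Return only the embedded versions that the note lists as affected."""
    return [v for v in embedded_inflate_versions(blob) if v in AFFECTED]


def scan_file(path):
    """Read a file and return (all embedded versions, affected subset)."""
    with open(path, "rb") as handle:
        blob = handle.read()
    return embedded_inflate_versions(blob), affected_versions(blob)


# Constructed sample inputs (not real binaries): padding around the tag.
SAMPLE_OLD = b"\x7fELF\x00\x01 inflate 1.2.2 Copyright 1995-2004 Mark Adler \x00\x00"
SAMPLE_NEW = b"MZ\x90\x00 inflate 1.2.3 Copyright 1995-2005 Mark Adler \x00"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        versions, hits = scan_file(path)
        status = "AFFECTED" if hits else "not listed as affected"
        print(f"{path}: inflate {versions or 'not found'} -> {status}")
```

Run it with one or more file paths as arguments; a binary with no match may still contain zlib, so treat "not found" as inconclusive and confirm with the vendor.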

Systems Affected

Vendor | Status | Date Updated
3Com | Unknown | 11-Jul-2005
Alcatel | Unknown | 11-Jul-2005
Apple Computer, Inc. | Unknown | 11-Jul-2005
AT&T | Unknown | 11-Jul-2005
Avaya | Unknown | 11-Jul-2005
Avici Systems Inc. | Unknown | 11-Jul-2005
Borderware | Unknown | 11-Jul-2005
Check Point | Unknown | 11-Jul-2005
Chiaro Networks | Unknown | 11-Jul-2005
Cisco Systems, Inc. | Unknown | 11-Jul-2005
Cisco Systems, Inc. | Unknown | 31-Aug-2005
Clavister | Unknown | 11-Jul-2005
Computer Associates | Unknown | 11-Jul-2005
Cray Inc. | Unknown | 11-Jul-2005
CVS Home | Vulnerable | 5-Oct-2005
Cwnt | Unknown | 11-Jul-2005
Data Connection | Unknown | 11-Jul-2005
Debian Linux | Unknown | 11-Jul-2005
EMC Corporation | Unknown | 11-Jul-2005
Engarde | Unknown | 11-Jul-2005
eSoft | Unknown | 11-Jul-2005
Extreme Networks | Unknown | 11-Jul-2005
F5 Networks, Inc. | Unknown | 11-Jul-2005
Force10 Networks Inc. | Unknown | 11-Jul-2005
Fortinet | Unknown | 11-Jul-2005
Foundry Networks Inc. | Not Vulnerable | 13-Jul-2005
FreeBSD, Inc. | Unknown | 11-Jul-2005
Fujitsu | Unknown | 11-Jul-2005
Gentoo | Vulnerable | 13-Jul-2005
GTA | Unknown | 11-Jul-2005
Hewlett-Packard Company | Unknown | 11-Jul-2005
Hitachi | Unknown | 11-Jul-2005
Hyperchip | Unknown | 11-Jul-2005
IBM-zSeries | Unknown | 11-Jul-2005
IBM Corporation | Unknown | 9-Aug-2005
IBM eServer | Unknown | 11-Jul-2005
Immunix | Unknown | 11-Jul-2005
Ingrian Networks, Inc. | Unknown | 11-Jul-2005
Inoto | Unknown | 11-Jul-2005
Intel | Unknown | 11-Jul-2005
IPf | Unknown | 11-Jul-2005
ISS | Unknown | 11-Jul-2005
Juniper Networks, Inc. | Not Vulnerable | 22-Jul-2005
Linksys | Unknown | 11-Jul-2005
Lucent Technologies | Unknown | 11-Jul-2005
Luminous | Unknown | 11-Jul-2005
Mandriva, Inc. | Vulnerable | 11-Jul-2005
Mandriva, Inc. | Unknown | 11-Jul-2005
Microsoft Corporation | Not Vulnerable | 12-Jul-2005
MontaVista Software, Inc. | Unknown | 11-Jul-2005
Multi-Tech Systems Inc. | Unknown | 11-Jul-2005
Multinet | Unknown | 11-Jul-2005
NEC Corporation | Unknown | 11-Jul-2005
NetBSD | Not Vulnerable | 11-Jul-2005
Netfilter | Unknown | 11-Jul-2005
Network Appliance | Unknown | 11-Jul-2005
NextHop | Unknown | 11-Jul-2005
Nortel Networks, Inc. | Unknown | 11-Jul-2005
Novell, Inc. | Unknown | 11-Jul-2005
OpenBSD | Unknown | 11-Jul-2005
Openwall GNU/*/Linux | Not Vulnerable | 12-Jul-2005
QNX | Unknown | 11-Jul-2005
Red Hat, Inc. | Vulnerable | 11-Jul-2005
Redback Networks Inc. | Unknown | 11-Jul-2005
Riverstone Networks | Unknown | 11-Jul-2005
Secure Computing Corporation | Unknown | 11-Jul-2005
SecureWorks | Unknown | 11-Jul-2005
Sequent Computer Systems, Inc. | Unknown | 11-Jul-2005
SGI | Unknown | 11-Jul-2005
Sony Corporation | Unknown | 11-Jul-2005
Stonesoft | Unknown | 11-Jul-2005
Sun Microsystems, Inc. | Unknown | 11-Jul-2005
SUSE Linux | Unknown | 11-Jul-2005
Symantec Corporation | Unknown | 11-Jul-2005
The SCO Group (SCO Linux) | Unknown | 11-Jul-2005
The SCO Group (SCO Unix) | Unknown | 11-Jul-2005
TurboLinux | Not Vulnerable | 12-Jul-2005
Unisys | Unknown | 11-Jul-2005
WatchGuard | Unknown | 11-Jul-2005
Wind River Systems, Inc. | Unknown | 11-Jul-2005
Zlib.org | Unknown | 11-Jul-2005
ZyXEL | Unknown | 11-Jul-2005

References


ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
https://rhn.redhat.com/errata/RHSA-2005-569.html
http://secunia.com/advisories/15949/
http://dev.gentoo.org/~taviso/blog/#e2005-07-21T17_24_15.txt
http://secunia.com/advisories/24788
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=3616065
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=9916286

Credit

This vulnerability was reported by Mark Adler.

This document was written by Jeff Gennari.

Other Information

Date Public: 07/02/2005
Date First Published: 07/12/2005 11:06:49 AM
Date Last Updated: 04/05/2007
CERT Advisory:
CVE Name: CVE-2005-2096
US-CERT Technical Alerts:
Metric: 9.45
Document Revision: 82

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Produced 2005 by US-CERT, a government organization