SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Zlib Vendors:  GNU [multiple authors]
Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
SecurityTracker Alert ID:  1011085
SecurityTracker URL:  http://securitytracker.com/id?1011085
CVE Reference:  CAN-2004-0797   (Links to External Site)
Date:  Aug 30 2004
Impact:  Denial of service via local system, Denial of service via network
Vendor Confirmed:  Yes  
Version(s): 1.2 - 1.2.1
Description:  A vulnerability was reported in zlib. A remote user can cause denial of service conditions.

Johan Thelmen reported that a specially crafted file can cause a segmentation fault in zlib.

It is reported that the inflate() and inflateBack() functions do not properly handle errors.
Impact:  A user can create a file that when processed by zlib, will cause a segmentation fault. The specific impact depends on the application using zlib.
Solution:  No upstream solution was available at the time of this entry.
Vendor URL:  www.gzip.org/zlib/ (Links to External Site)
Cause:  Exception handling error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  Johan Thelmen <johan.thelmen@cygate.se>
Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 30 2004 (Gentoo Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service   (Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>)
Gentoo has released a fix.
Aug 30 2004 (OpenBSD Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
OpenBSD has issued a fix.
Aug 30 2004 (FileZilla Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
FileZilla is affected by the zlib vulnerability.
Sep 3 2004 (SuSE Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service   (Thomas Biege <thomas@suse.de>)
SuSE has released a fix.
Sep 8 2004 (Mandrake Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Sep 15 2004 (Conectiva Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Oct 4 2004 (Slackware Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service   (Slackware Security Team <security@slackware.com>)
Slackware has released a fix.
Oct 19 2004 (SCO Issues Fix for UnixWare) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
SCO has issued a fix for UnixWare 7.1.3 and 7.1.4.
Nov 3 2004 (Vendor Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service   (Mark Adler <madler@alumni.caltech.edu>)
The vendor has issued a fixed version.
Dec 29 2004 (Conectiva Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.


 Source Message Contents
Date:  Wed, 2 Jun 2004 13:06:36 +0200
From:  Johan Thelmen <johan.thelmen@cygate.se>
Subject:  SIGSEGV in zlib1g 1.2.1.1-3 with pwzip-file

 
 
Package: zlib1g
Version: 1.2.1.1-3
Severity: important
 
Debian verison 0.70 and also in clamscan / ClamAV version devel-20040602
ii  zlib1g                       1.2.1.1-3
 
With zlib1g_1.1.4-1.0woody0_i386.deb it is working.
 
 
inflate_table (type=LENS, lens=0x8c24c08, codes=281, table=0x8c24c04, bits=0x8c24bec, work=0x8c24e88)
 at inftrees.c:110
110             count[lens[sym]]++;
(gdb) bt
#0  inflate_table (type=LENS, lens=0x8c24c08, codes=281, table=0x8c24c04, bits=0x8c24bec, work=0x8c24
e88) at inftrees.c:110
#1  0x4006745b in inflate (strm=0x8054db8, flush=0) at inflate.c:868
#2  0x400273d9 in zzip_file_read (fp=0x8054d90, buf=0x0, len=146951176) at zziplib/zzip-file.c:391
#3  0x4002169b in cli_scanzip (desc=7, virname=0xbffff7a8, scanned=0x80529dc, root=0x805b198, limits=
0x8c27338, options=9,
    reclev=0xbffff784) at scanners.c:457
#4  0x40023139 in cli_magic_scandesc (desc=7, virname=0xbffff7a8, scanned=0x80529dc, root=0x805b198, 
limits=0x8c27338, options=9,
    reclev=0xbffff784) at scanners.c:1072
#5  0x40023362 in cl_scandesc (desc=146951176, virname=0x8c24c08, scanned=0x8c24c08, root=0x8c24c08, 
limits=0x8c24c08,
    options=146951176) at scanners.c:1136
#6  0x0804dac8 in checkfile (filename=0x8054c08 "3556419.4495.BKSO1kjuV", root=0x8c24c08, l
imits=0x8c24c08, options=146951176)
    at manager.c:832
#7  0x0804ca05 in scanfile (filename=0x8054c08 "3556419.4495.BKSO1kjuV", root=0x805b198, us
er=0x401f3f58, opt=0x8053008,
    limits=0x8c27338) at manager.c:513
#8  0x0804bdad in scanmanager (opt=0x8053008) at manager.c:307
#9  0x0804ab43 in clamscan (opt=0x8053008) at clamscan.c:147
#10 0x0804b2b8 in main (argc=2, argv=0xbffffb54) at options.c:149
 
-- 
Johan Thelmén
Cygate Måldata
Sweden Borlänge


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC