(OpenBSD Issues Fix) Zlib Error Handling Bug in inflate() and inflateBack() Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1011087 |
|
SecurityTracker URL: http://securitytracker.com/id/1011087
|
|
CVE Reference:
CAN-2004-0797
(Links to External Site)
|
Date: Aug 30 2004
|
Impact:
Denial of service via local system, Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.2 - 1.2.1
|
Description:
A vulnerability was reported in zlib. A remote user can cause denial of service conditions.
Johan Thelmen reported that a specially crafted file can cause a segmentation fault in zlib.
It is reported that the inflate() and inflateBack() functions do not properly handle errors.
|
Impact:
A user can create a file that when processed by zlib, will cause a segmentation fault. The specific impact depends on the application using zlib.
|
Solution:
OpenBSD has issued a patch, available at:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch
|
Vendor URL: www.gzip.org/zlib/ (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
UNIX (OpenBSD)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Aug 29, 2004
Subject: OpenBSD zlib fix
|
> RELIABILITY FIX: August 29, 2004
> Due to incorrect error handling in zlib an attacker could potentially cause a
> Denial of Service attack. CAN-2004-0797 .
> A source code patch exists which remedies this problem.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch
|
|
