(OpenBSD Issues Fix) zlib Buffer Overflow in 'inftrees.c' Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1014560 |
|
SecurityTracker URL: http://securitytracker.com/id/1014560
|
|
CVE Reference:
CVE-2005-1849
(Links to External Site)
|
Updated: Jul 23 2005
|
Original Entry Date: Jul 23 2005
|
Impact:
Denial of service via local system, Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.2.2
|
Description:
A vulnerability was reported in zlib. A remote user may be able to cause denial of service conditions.
The zlib library contains a buffer overflow that can be triggered when opening an invalid file, potentially causing the affected application to crash.
Markus Oberhumer is credited with discovering this vulnerability.
|
Impact:
A remote or local user may be able to cause an affected application to crash.
|
Solution:
OpenBSD has issued the following fixes:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/020_libz.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/005_libz.patch
|
Vendor URL: www.zlib.org/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
UNIX (OpenBSD)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 22 Jul 2005 22:09:00 -0400
Subject: [none]
|
> SECURITY FIX: July 21, 2005 All architectures
> A buffer overflow has been found in compress(3) which may be exploitable.
> Please note that this fixes a different buffer overflow than the previous zlib patch.
> A source code patch exists which remedies this problem.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/005_libz.patch
|
|
