
Test ID: 1.3.6.1.4.1.25623.1.0.50799
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2002:023-1 (packages)
Summary: NOSUMMARY
Description:

The remote host is missing an update to packages
announced via advisory MDKSA-2002:023-1.

Matthias Clasen found a security issue in zlib that, when provided with
certain input, causes zlib to free an area of memory twice. This
double free bug can be used to crash any programs that take untrusted
compressed input, such as web browsers, email clients, image viewing
software, etc. This vulnerability can be used to perform Denial of
Service attacks and, quite possibly, the execution of arbitrary code on
the affected system.

MandrakeSoft has published two advisories concerning this incident:

MDKSA-2002:022 - zlib
MDKSA-2002:023 - packages containing zlib


Update:

Additional packages are now available. For a list of prior packages
released, please see MDKSA-2002:023. The packages noted below are in
addition to MDKSA-2002:023; no packages have been replaced.

Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:023-1
http://www.kb.cert.org/vuls/id/368819

Risk factor : High

CVSS Score: 7.5

Cross-Ref: BugTraq ID: 4267
Common Vulnerability Exposure (CVE) ID: CVE-2002-0059
http://www.securityfocus.com/bid/4267
Bugtraq: 20020311 security problem fixed in zlib 1.1.4
Bugtraq: 20020312 Re: [VulnWatch] exploiting the zlib bug in openssh
Bugtraq: 20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib)
Bugtraq: 20020312 exploiting the zlib bug in openssh
Bugtraq: 20020312 zlib & java
Bugtraq: 20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability
Bugtraq: 20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris
Bugtraq: 20020314 Re: about zlib vulnerability - Microsoft products
Bugtraq: 20020314 ZLib double free bug: Windows NT potentially unaffected
Bugtraq: 20020314 about zlib vulnerability
Bugtraq: 20020315 RE: [Whitehat] about zlib vulnerability
Bugtraq: 20020318 TSLSA-2002-0040 - zlib
Bugtraq: 20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Caldera Security Advisory: CSSA-2002-015.1
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
http://www.cert.org/advisories/CA-2002-07.html
CERT/CC vulnerability note: VU#368819
http://www.kb.cert.org/vuls/id/368819
Cisco Security Advisory: 20020403 Vulnerability in the zlib Compression Library
Conectiva Linux advisory: CLA-2002:469
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
Debian Security Information: DSA-122
http://www.debian.org/security/2002/dsa-122
En Garde Linux Advisory: ESA-20020311-008
FreeBSD Security Advisory: FreeBSD-SA-02:18
HPdes Security Advisory: HPSBTL0204-030
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
HPdes Security Advisory: HPSBTL0204-036
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
HPdes Security Advisory: HPSBTL0204-037
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
OpenBSD Security Advisory: 20020313 015: RELIABILITY FIX: March 13, 2002
http://www.redhat.com/support/errata/RHSA-2002-026.html
http://www.redhat.com/support/errata/RHSA-2002-027.html
SuSE Security Announcement: SuSE-SA:2002:010
SuSE Security Announcement: SuSE-SA:2002:011
XForce ISS Database: zlib-doublefree-memory-corruption(8427)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.