Test ID:	1.3.6.1.4.1.25623.1.0.51406
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:619
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2003:619. zlib[1] is a compression library used by several programs. Richard Kettlewell discovered[1] a buffer overflow vulnerability[2] in the gzprintf() function provided by zlib. If a program passes unsafe data to this function (e.g. data from remote images or network traffic), it is possible for a remote attacker to execute arbitrary code or to cause a denial of service in such programs. Although hundreds of programs are linked against zlib in Conectiva Linux, the vulnerable function, gzprintf(), is rarely used, which lessens the impact of this vulnerability. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2003-0107 to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.gzip.org/zlib/ http://online.securityfocus.com/archive/1/312869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0107 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:619 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 6913 Common Vulnerability Exposure (CVE) ID: CVE-2003-0107 http://www.securityfocus.com/bid/6913 Bugtraq: 20030222 buffer overrun in zlib 1.1.4 (Google Search) http://online.securityfocus.com/archive/1/312869 Bugtraq: 20030223 poc zlib sploit just for fun :) (Google Search) http://marc.info/?l=bugtraq&m=104610337726297&w=2 Bugtraq: 20030224 Re: buffer overrun in zlib 1.1.4 (Google Search) http://marc.info/?l=bugtraq&m=104610536129508&w=2 Bugtraq: 20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25 (Google Search) http://marc.info/?l=bugtraq&m=104620610427210&w=2 Caldera Security Advisory: CSSA-2003-011.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt CERT/CC vulnerability note: VU#142121 http://www.kb.cert.org/vuls/id/142121 Conectiva Linux advisory: CLSA-2003:619 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619 http://marc.info/?l=bugtraq&m=104887247624907&w=2 http://jvn.jp/en/jp/JVN78689801/index.html http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033 NETBSD Security Advisory: NetBSD-SA2003-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc http://www.osvdb.org/6599 http://www.redhat.com/support/errata/RHSA-2003-079.html http://www.redhat.com/support/errata/RHSA-2003-081.html http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405 http://www.iss.net/security_center/static/11381.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.