English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 73247 CVE descriptions
and 39212 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.54180
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-148-1 (zlib)
Summary:Ubuntu USN-148-1 (zlib)
Description:
The remote host is missing an update to zlib
announced via advisory USN-148-1.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected: zlib1g

Tavis Ormandy discovered that zlib did not properly verify data
streams. Decompressing certain invalid compressed files caused
corruption of internal data structures, which caused applications
which link to zlib to crash. Specially crafted input might even have
allowed arbitrary code execution.

zlib is used by hundreds of server and client applications, so this
vulnerability could be exploited to cause Denial of Service attacks to
almost all services provided by an Ubuntu system.

Solution:
The problem can be corrected by upgrading the affected package to
version 1:1.2.1.1-3ubuntu1.1 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.1
(for Ubuntu 5.04). A standard system upgrade is NOT SUFFICIENT to
effect the necessary changes! If you can afford to reboot your
machine, this is the easiest way to ensure that all services using
this library are restarted correctly. If not, please manually restart
all server applications.

http://www.securityspace.com/smysecure/catid.html?in=USN-148-1

Risk factor : High
Cross-Ref: BugTraq ID: 14162
Common Vulnerability Exposure (CVE) ID: CVE-2005-2096
Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464745/100/0/threaded
Bugtraq: 20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482949/100/0/threaded
Bugtraq: 20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482950/100/0/threaded
Bugtraq: 20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482505/100/0/threaded
Bugtraq: 20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482503/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/482571/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/482601/100/0/threaded
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
Debian Security Information: DSA-740 (Google Search)
http://www.debian.org/security/2005/dsa-740
Debian Security Information: DSA-797 (Google Search)
http://www.debian.org/security/2005/dsa-797
Debian Security Information: DSA-1026 (Google Search)
http://www.debian.org/security/2006/dsa-1026
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
FreeBSD Security Advisory: FreeBSD-SA-05:16.zlib
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
http://security.gentoo.org/glsa/glsa-200507-05.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
HPdes Security Advisory: HPSBUX02090
http://www.securityfocus.com/archive/1/archive/1/421411/100/0/threaded
HPdes Security Advisory: SSRT051058
http://www.mandriva.com/security/advisories?name=MDKSA-2005:112
http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
http://www.redhat.com/support/errata/RHSA-2005-569.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SCO Security Bulletin: SCOSA-2006.6
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1
SuSE Security Announcement: SUSE-SA:2005:039 (Google Search)
http://www.ubuntulinux.org/support/documentation/usn/usn-148-1
http://www.ubuntulinux.org/usn/usn-151-3
CERT/CC vulnerability note: VU#680620
http://www.kb.cert.org/vuls/id/680620
http://www.securityfocus.com/bid/14162
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11500
http://secunia.com/advisories/32706
http://www.vupen.com/english/advisories/2005/0978
http://www.vupen.com/english/advisories/2006/0144
http://www.vupen.com/english/advisories/2007/1267
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1262
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1542
http://securitytracker.com/id?1014398
http://secunia.com/advisories/15949
http://secunia.com/advisories/18406
http://secunia.com/advisories/18377
http://secunia.com/advisories/17054
http://secunia.com/advisories/17225
http://secunia.com/advisories/17236
http://secunia.com/advisories/17326
http://secunia.com/advisories/17516
http://secunia.com/advisories/19550
http://secunia.com/advisories/18507
http://secunia.com/advisories/19597
http://secunia.com/advisories/24788
http://secunia.com/advisories/31492
XForce ISS Database: hpux-secure-shell-dos(24064)
http://xforce.iss.net/xforce/xfdb/24064
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 39212 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.