English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55333
Category:Fedora Local Security Checks
Title:Fedora Legacy Security Advisory FLSA-2005:162680
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory FLSA-2005:162680.

Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2
and above. An attacker could create a carefully crafted compressed
stream that would cause an application to crash if the stream is opened
by a user. As an example, an attacker could create a malicious PNG image
file which would cause a web browser or mail viewer to crash if the
image is viewed. The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-2096 to this issue.

Markus Oberhumer discovered additional ways a stream could trigger an
overflow. An attacker could create a carefully crafted compressed stream
that would cause an application to crash if the stream is opened by a
user. As an example, an attacker could create a malicious PNG image file
that would cause a Web browser or mail viewer to crash if the image is
viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2005-1849 to this issue.

All users should update to these erratum packages which contain a patch
from Mark Adler which corrects this issue.

Affected platforms:
Fedora Core 1
Fedora Core 2

Solution:
http://www.securityspace.com/smysecure/catid.html?in=FLSA-2005:162680

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-1849
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
BugTraq ID: 14340
http://www.securityfocus.com/bid/14340
Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search)
http://www.securityfocus.com/archive/1/464745/100/0/threaded
Debian Security Information: DSA-1026 (Google Search)
http://www.debian.org/security/2006/dsa-1026
Debian Security Information: DSA-763 (Google Search)
http://www.debian.org/security/2005/dsa-763
Debian Security Information: DSA-797 (Google Search)
http://www.debian.org/security/2005/dsa-797
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
http://www.osvdb.org/18141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402
http://www.redhat.com/support/errata/RHSA-2005-584.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SCO Security Bulletin: SCOSA-2006.6
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
http://securitytracker.com/id?1014540
http://secunia.com/advisories/16137
http://secunia.com/advisories/17326
http://secunia.com/advisories/17516
http://secunia.com/advisories/18377
http://secunia.com/advisories/19334
http://secunia.com/advisories/19550
http://secunia.com/advisories/19597
http://secunia.com/advisories/24788
http://secunia.com/advisories/31492
SuSE Security Announcement: SUSE-SA:2005:043 (Google Search)
http://www.novell.com/linux/security/advisories/2005_43_zlib.html
http://www.ubuntulinux.org/usn/usn-151-3
http://www.vupen.com/english/advisories/2007/1267
XForce ISS Database: zlib-codetable-dos(21456)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21456
Common Vulnerability Exposure (CVE) ID: CVE-2005-2096
1014398
http://securitytracker.com/id?1014398
101989
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1
14162
http://www.securityfocus.com/bid/14162
15949
http://secunia.com/advisories/15949
17054
http://secunia.com/advisories/17054
17225
http://secunia.com/advisories/17225
17236
http://secunia.com/advisories/17236
17326
17516
18377
18406
http://secunia.com/advisories/18406
18507
http://secunia.com/advisories/18507
19550
19597
20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482505/100/0/threaded
20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482503/100/0/threaded
20071020 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482571/100/0/threaded
20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482601/100/0/threaded
20071029 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482949/100/0/threaded
20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482950/100/0/threaded
24788
31492
32706
http://secunia.com/advisories/32706
ADV-2005-0978
http://www.vupen.com/english/advisories/2005/0978
ADV-2006-0144
http://www.vupen.com/english/advisories/2006/0144
ADV-2007-1267
APPLE-SA-2005-08-15
APPLE-SA-2005-08-17
APPLE-SA-2008-11-13
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
DSA-1026
DSA-740
http://www.debian.org/security/2005/dsa-740
DSA-797
FLSA:162680
FreeBSD-SA-05:16.zlib
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
GLSA-200507-05
http://security.gentoo.org/glsa/glsa-200507-05.xml
GLSA-200509-18
HPSBUX02090
http://www.securityfocus.com/archive/1/421411/100/0/threaded
MDKSA-2005:112
http://www.mandriva.com/security/advisories?name=MDKSA-2005:112
MDKSA-2005:196
MDKSA-2006:070
RHSA-2005:569
http://www.redhat.com/support/errata/RHSA-2005-569.html
RHSA-2008:0629
SCOSA-2006.6
SSRT051058
USN-148-1
https://usn.ubuntu.com/148-1/
USN-151-3
VU#680620
http://www.kb.cert.org/vuls/id/680620
hpux-secure-shell-dos(24064)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24064
http://support.apple.com/kb/HT3298
http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
oval:org.mitre.oval:def:11500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500
oval:org.mitre.oval:def:1262
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262
oval:org.mitre.oval:def:1542
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.