English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56569
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2006:070 (sash)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to sash
announced via advisory MDKSA-2006:070.

Tavis Ormandy of the Gentoo Security Project discovered a vulnerability
in zlib where a certain data stream would cause zlib to corrupt a data
structure, resulting in the linked application to dump core
(CVE-2005-2096).

Markus Oberhumber discovered additional ways that a specially-crafted
compressed stream could trigger an overflow. An attacker could create
such a stream that would cause a linked application to crash if opened
by a user (CVE-2005-1849).

Both of these issues have previously been fixed in zlib, but sash links
statically against zlib and is thus also affected by these issues. New
sash packages are available that link against the updated zlib packages.

Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:070

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-2096
1014398
http://securitytracker.com/id?1014398
101989
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1
14162
http://www.securityfocus.com/bid/14162
15949
http://secunia.com/advisories/15949
17054
http://secunia.com/advisories/17054
17225
http://secunia.com/advisories/17225
17236
http://secunia.com/advisories/17236
17326
http://secunia.com/advisories/17326
17516
http://secunia.com/advisories/17516
18377
http://secunia.com/advisories/18377
18406
http://secunia.com/advisories/18406
18507
http://secunia.com/advisories/18507
19550
http://secunia.com/advisories/19550
19597
http://secunia.com/advisories/19597
20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
http://www.securityfocus.com/archive/1/464745/100/0/threaded
20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482505/100/0/threaded
20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482503/100/0/threaded
20071020 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482571/100/0/threaded
20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482601/100/0/threaded
20071029 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482949/100/0/threaded
20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
http://www.securityfocus.com/archive/1/482950/100/0/threaded
24788
http://secunia.com/advisories/24788
31492
http://secunia.com/advisories/31492
32706
http://secunia.com/advisories/32706
ADV-2005-0978
http://www.vupen.com/english/advisories/2005/0978
ADV-2006-0144
http://www.vupen.com/english/advisories/2006/0144
ADV-2007-1267
http://www.vupen.com/english/advisories/2007/1267
APPLE-SA-2005-08-15
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
APPLE-SA-2005-08-17
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
APPLE-SA-2008-11-13
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
DSA-1026
http://www.debian.org/security/2006/dsa-1026
DSA-740
http://www.debian.org/security/2005/dsa-740
DSA-797
http://www.debian.org/security/2005/dsa-797
FLSA:162680
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
FreeBSD-SA-05:16.zlib
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
GLSA-200507-05
http://security.gentoo.org/glsa/glsa-200507-05.xml
GLSA-200509-18
http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
HPSBUX02090
http://www.securityfocus.com/archive/1/421411/100/0/threaded
MDKSA-2005:112
http://www.mandriva.com/security/advisories?name=MDKSA-2005:112
MDKSA-2005:196
http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
MDKSA-2006:070
http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
RHSA-2005:569
http://www.redhat.com/support/errata/RHSA-2005-569.html
RHSA-2008:0629
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SCOSA-2006.6
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
SSRT051058
USN-148-1
https://usn.ubuntu.com/148-1/
USN-151-3
http://www.ubuntulinux.org/usn/usn-151-3
VU#680620
http://www.kb.cert.org/vuls/id/680620
hpux-secure-shell-dos(24064)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24064
http://support.apple.com/kb/HT3298
http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
oval:org.mitre.oval:def:11500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500
oval:org.mitre.oval:def:1262
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262
oval:org.mitre.oval:def:1542
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542
Common Vulnerability Exposure (CVE) ID: CVE-2005-1849
BugTraq ID: 14340
http://www.securityfocus.com/bid/14340
Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search)
Debian Security Information: DSA-1026 (Google Search)
Debian Security Information: DSA-763 (Google Search)
http://www.debian.org/security/2005/dsa-763
Debian Security Information: DSA-797 (Google Search)
http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
http://www.osvdb.org/18141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402
http://www.redhat.com/support/errata/RHSA-2005-584.html
SCO Security Bulletin: SCOSA-2006.6
http://securitytracker.com/id?1014540
http://secunia.com/advisories/16137
http://secunia.com/advisories/19334
SuSE Security Announcement: SUSE-SA:2005:043 (Google Search)
http://www.novell.com/linux/security/advisories/2005_43_zlib.html
XForce ISS Database: zlib-codetable-dos(21456)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21456
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.