Vulnerability Bulletins |
Denegación de Servicio en zlib |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Denegación de Servicio |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | Networking |
| Affected software | sys-libs/zlib <= 1.2.1-r2 |
Description |
|
|
Zlib es una librería de compresión de datos de propósito general. Debido a un manejo incorrecto en zlib un atacante podría llevar a cabo una denegación de servicio. El error existe en la funciones "inflate()" y "inflateBack()". |
|
Solution |
|
|
Actualizacion de software Open BSD Parche ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch Suse Linux x86 Platform - SUSE Linux 9.1 RPM ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-1.2.1-70.6.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-devel-1.2.1-70.6.i586.rpm patch ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-1.2.1-70.6.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-devel-1.2.1-70.6.i586.patch.rpm source ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/zlib-1.2.1-70.6.src.rpm x86-64 Platform - SUSE Linux 9.1 RPM ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/zlib-1.2.1-70.6.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/zlib-devel-1.2.1-70.6.x86_64.rpm patch ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/zlib-1.2.1-70.6.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/zlib-devel-1.2.1-70.6.x86_64.patch.rpm source ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/zlib-1.2.1-70.6.src.rpm Mandrake Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/zlib1-1.2.1-2.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/zlib1-devel-1.2.1-2.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/zlib-1.2.1-2.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/zlib1-1.2.1-2.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/zlib1-devel-1.2.1-2.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/zlib-1.2.1-2.1.100mdk.src.rpm SCO UnixWare 7.1.4 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33/zlib-1.2.3.pkg UnixWare 7.1.3 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33/zlib-1.2.3.pkg OpenServer 5.0.6 ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/ OpenServer 5.0.7 ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar OpenServer 6.0.0 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6 |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-0797 |
| BID | |
Other resources |
|
|
Open BSD RELIABILITY FIX: August 29, 2004 (017) http://www.openbsd.org/errata.html#libz SUSE Security Announcement SUSE-SA:2004:029 http://www.suse.de/de/security/2004_29_zlib.html Mandrakesoft Security Advisory MDKSA-2004:090 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:090 SCO Security Advisory SCOSA-2004.17 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17/SCOSA-2004.17.txt SCO Security Advisory (SCOSA-2005.33) ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33/SCOSA-2005.33.txt SCO Security Advisory (SCOSA-2006.6) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-08-31 |
| 1.1 | Aviso emitido por Suse (SUSE-SA:2004:029) | 2004-09-03 |
| 1.2 | Aviso emitido por Mandrake (MDKSA-2004:090) | 2004-09-08 |
| 1.3 | Aviso actualizado por SCO (SCOSA-2004.17) | 2004-10-19 |
| 1.4 | Aviso emitido por SCO (SCOSA-2005.33) | 2005-09-02 |
| 1.5 | Aviso emitido por SCO (SCOSA-2006.6) | 2006-01-12 |