
| Subject: | [VulnWatch] zlib prior to 1.2.2-r1 contains buffer overflow |
|---|---|
| Date: | Sun, 10 Jul 2005 11:24:17 -0500 (EST) |

Secunia advisory: http://secunia.com/advisories/15949/

Any program that uses zlib is likely to be affected by this issue. An old list of programs that use zlib is here: http://www.gzip.org/zlib/apps.gz.html.

If the program statically links zlib the vendor will need to recompile and issue a patch. If they just ship the dll it may be possible to just replace the zlib.dll or zlib1.dll (on Windows).

Usage of zlib is very widespread and almost every major software vendor is using it. It affects Unix, Linux, Mac OS X and Windows machines.

A quick file search of "zlib" on one Windows machine turned up the following applications using the zlib dll. No doubt many more applications have it statically linked.

- BitTorrent
- Ethereal
- Trillian
- Microsoft Office
- Mozilla
- HP LaserJet All-in-one
- Netscape
- DCplusplus
- MySql
- Shareaza
- WinVNC

Here is the patch found on debian.org [1]

$ diff -Naur inftrees.c ../zlib-1.2.2.orig/ --- inftrees.c 2005-07-10 13:38:37.000000000 +0100 +++ ../zlib-1.2.2.orig/inftrees.c 2004-09-15 15:30:06.000000000 +0100 @@ -134,7 +134,7 @@ left -= count[len]; if (left < 0) return -1; /* over-subscribed */ } - if (left > 0 && (type == CODES || max != 1)) + if (left > 0 && (type == CODES || (codes - count[0] != 1))) return -1; /* incomplete set */

The BSD flavors and many Linux flavors are already patched.

[1] posted to slashdot.org by alan@wylie.me.uk
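
Review bot: the two file headers are in reverse order for a fix. `---` names inftrees.c dated 2005-07-10 and `+++` names ../zlib-1.2.2.orig/inftrees.c dated 2004-09-15, so as posted the hunk goes from the modified file back to the .orig copy. That makes the `-` line (`max != 1`) the patched "incomplete set" test and the `+` line (`codes - count[0] != 1`) the original one, and applying it with patch as-is would need -R. Suggest regenerating the diff with the .orig file as the first argument, and adding a sentence on why the comparison changed, since the hunk alone does not explain it.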
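
As an added example (not part of the original message and not zlib project code), one way to act on the static-versus-DLL distinction in the message is to search binaries for the version banner that zlib compiles into itself. The banner format, the verdict labels and the function names are assumptions of this example, and a banner cannot show whether a vendor backported the fix.

```python
import re
import sys
from pathlib import Path

# Assumption: zlib builds carry banners such as
# " inflate 1.2.2 Copyright 1995-2004 Mark Adler ", which survive static linking.
BANNER = re.compile(rb"(?:inflate|deflate) (\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))? Copyright")
# Advisory subject: "prior to 1.2.2-r1". A banner of 1.2.2 or lower therefore
# needs review; it cannot show whether a vendor backported the fix.
REVIEW_AT_OR_BELOW = (1, 2, 2, 0)
DLL_NAMES = {"zlib.dll", "zlib1.dll"}  # names given in the advisory

def embedded_zlib_versions(data: bytes) -> set:
    """Return every zlib version banner found in a binary, as 4-tuples."""
    return {tuple(int(g or 0) for g in m.groups()) for m in BANNER.finditer(data)}

def classify(filename: str, data: bytes) -> str:
    """Map a file to the action the advisory describes for it."""
    versions = embedded_zlib_versions(data)
    if not versions:
        return "no-zlib-banner"
    if all(v > REVIEW_AT_OR_BELOW for v in versions):
        return "ok"
    # A standalone DLL can be swapped; anything else has zlib linked in.
    return "replace-dll" if filename.lower() in DLL_NAMES else "vendor-rebuild"

def scan(root: str) -> dict:
    """Walk a directory tree and report files whose zlib copy needs action."""
    report = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            verdict = classify(path.name, path.read_bytes())
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        if verdict in ("replace-dll", "vendor-rebuild"):
            report[str(path)] = verdict
    return report

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, verdict in sorted(scan(sys.argv[1]).items()):
            print(f"{verdict:15} {name}")
    else:
        # Constructed sample bytes, not taken from any real binary.
        sample = b"\x00MZ\x00 inflate 1.2.2 Copyright 1995-2004 Mark Adler \x00"
        print(classify("app.exe", sample), classify("zlib1.dll", sample))
```

Run it with a directory argument to scan an installation tree; files reported as `vendor-rebuild` carry their own copy of zlib and will not be fixed by replacing the shared DLL.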