Zlib Compression Library Buffer Overflow Vulnerability

(2005-07-12 15:40:45)

   

 

Release date: 2005-07-08

Last updated: 2005-07-08

 

Affected systems:

zlib zlib >= 1.2

Description:

--------------------------------------------------------------------------------

BUGTRAQ  ID: 14162

CVE(CAN) ID: CAN-2005-2096

 

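zlib is a compression library used by many applications; it provides data compression and decompression routines.

A buffer overflow vulnerability exists in zlib. An attacker may be able to exploit it to induce a user to execute arbitrary code.

The cause is that input data is not properly validated during a memory copy operation. In some environments, decompressing malformed input data may cause a denial of service, or may execute arbitrary code with the privileges of the application that uses the affected library.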

 

<*Source: Tavis Ormandy

  Links: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc

        http://www.debian.org/security/2005/dsa-740

        http://security.gentoo.org/glsa/glsa-200507-05.xml

        http://lwn.net/Alerts/142786/?format=printable

*>

 

Recommendations:

--------------------------------------------------------------------------------

Vendor patches:

 

Debian

------

Debian has released a security advisory (DSA-740-1) and corresponding patches for this issue:

DSA-740-1 New zlib packages fix denial of service

Link: http://www.debian.org/security/2005/dsa-740

 

Patch downloads:

 

Source archives:

 

http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.dsc

Size/MD5 checksum:      807 dc3fcabef1acff1c01e2f0ebf492bf66

http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.diff.gz

Size/MD5 checksum:    14253 2b6eeb5cca5debe943582e1266f0b70d

http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz

Size/MD5 checksum:   430700 d43dabe3d374e299f2631c5fc5ce31f5

 

Alpha architecture:

 

http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_alpha.deb

Size/MD5 checksum:    30526 7a8a3ee419fbc7917a4c1034d9902474

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_alpha.deb

Size/MD5 checksum:    82036 3f7d5435d3658a0e6e9026242dd0169b

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_alpha.deb

Size/MD5 checksum:   533998 20c2841937e5de74fdddd464e81d2ad1

 

ARM architecture:

 

http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_arm.deb

Size/MD5 checksum:    25248 dccb0d7c752b806d8c0b43f657cee265

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_arm.deb

Size/MD5 checksum:    66734 16f44bc4d254ed6398666c2a2a9298cc

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_arm.deb

Size/MD5 checksum:   498336 9ff727e49b121802ec0de0d55b920f7a

 

Intel IA-32 architecture:

 

http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_i386.deb

Size/MD5 checksum:    25838 7730eb446f1cbf3f4f23955ba4d0a0ad

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_i386.deb

Size/MD5 checksum:    63196 2bdd404fb56394e4495434c7f6a9b284

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_i386.deb

Size/MD5 checksum:   487094 2498ca72ccc359a86e8d993b485d275f

 

Intel IA-64 architecture:

 

http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_ia64.deb

Size/MD5 checksum:    39204 4223a66e9097199b94b5de1ca217986c

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_ia64.deb

Size/MD5 checksum:    93428 17b2187034b9e3961c3a21b221612558

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_ia64.deb

Size/MD5 checksum:   553636 73a0490e7c575c10a97a3390a11c88ed

 

HP Precision architecture:

 

http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_hppa.deb

Size/MD5 checksum:    29260 f26944aa8cfb195b9b9dc30ece012f17

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_hppa.deb

Size/MD5 checksum:    70356 e92b967975428c72678fdaa6bb483d7d

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_hppa.deb

Size/MD5 checksum:   512480 1d49177f3c704ea216c0fbd78dc82735

 

Motorola 680x0 architecture:

 

http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_m68k.deb

Size/MD5 checksum:    24028 53d352633677d62fd9c194996c60d31f

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_m68k.deb

Size/MD5 checksum:    58850 2aae7ad830e0ad011b6800025130ff1c

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_m68k.deb

Size/MD5 checksum:   485972 e4a948ba9ef16ba4ae5b9636ba831879

 

Big endian MIPS architecture:

 

http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_mips.deb

Size/MD5 checksum:    31504 474d31e3ca6b4e058b4e13090238425f

http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_mips.deb

Size/MD5 checksum:    68768 e401a7314e1105b067696f48814de63a

http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_mips.deb

Size/MD5 checksum:   510190 717a0a41c644cdc87125a





 
Copyright ©2005, China Information Technology Security Evaluation Center