NetBSD libz Zero Length Code Incorrect Error DoS

2005-10-31T00:00:00
ID OSVDB:20728
Type osvdb
Reporter OSVDB
Modified 2005-10-31T00:00:00

Description

Vulnerability Description

NetBSD contains a flaw that may allow a remote denial of service. The flaw is in huft_build() in the zlib routines: a specially crafted compressed file can cause a NULL pointer dereference, resulting in loss of availability for the platform.

Solution Description

Upgrade to version 2.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.netbsd.org/
Vendor Specific Advisory URL
Security Tracker: 1015132
Related OSVDB ID: 20725
Related OSVDB ID: 20731
Related OSVDB ID: 20726
Related OSVDB ID: 20727
Related OSVDB ID: 20729
Related OSVDB ID: 20730
Other Advisory URL: http://www.uniras.gov.uk/niscc/docs/br-20051101-00969.html?lang=en