Lucene search

K
ubuntuUbuntuUSN-148-1
HistoryJul 06, 2005 - 12:00 a.m.

zlib vulnerability

2005-07-0600:00:00
ubuntu.com
38

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.055

Percentile

93.2%

Releases

  • Ubuntu 5.04
  • Ubuntu 4.10

Details

Tavis Ormandy discovered that zlib did not properly verify data
streams. Decompressing certain invalid compressed files caused
corruption of internal data structures, which caused applications
which link to zlib to crash. Specially crafted input might even have
allowed arbitrary code execution.

zlib is used by hundreds of server and client applications, so this
vulnerability could be exploited to cause Denial of Service attacks to
almost all services provided by an Ubuntu system.

OSVersionArchitecturePackageVersionFilename
Ubuntu5.04noarchzlib1g< *UNKNOWN
Ubuntu4.10noarchzlib1g< *UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.055

Percentile

93.2%