zlib "gzprintf()" function vulnerable to buffer overflow

Overview

A buffer overflow exists in one of the functions included with the zlib compression library. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial of service. An exploit for this vulnerability is publicly available.

Description

The zlib website describes zlib as a “…lossless data-compression library for use on virtually any computer hardware and operating system.” A buffer overflow exists in the gzprintf function contained within the zlib compression library. For more detailed information, please see Richard Kettlewell’s advisory.

---

Impact

A remote attacker may be able to execute code or cause a denial of service.

---

Solution

Apply a vendor patch.

---

Vendor Information

142121

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Gentoo Linux __ Affected

Updated: May 23, 2003

Status

Affected

Vendor Statement

See <http://lwn.net/Articles/27153/&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

IBM Corporation __ Affected

Notified: May 23, 2003 Updated: May 27, 2003

Status

Affected

Vendor Statement

The AIX operating system is not vulnerable to the issues discussed in Vulnerability Note VU#142121.

However, zlib is available for installation on AIX via the AIX Toolbox for Linux. These items are shipped “as is” and are unwarranted.

A patched version of the zlib library can be downloaded from:

<ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/zlib/zlib-1.1.4-3.aix4.3.ppc.rpm&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Mandriva, Inc. __ Affected

Notified: May 23, 2003 Updated: September 08, 2004

Status

Affected

Vendor Statement

Mandrakesoft has fixed this with MDKSA-2004:090, which will be announced shortly.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:033&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Mandriva, Inc. __ Affected

Updated: May 23, 2003

Status

Affected

Vendor Statement

See <http://lwn.net/Alerts/28096/&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

NetBSD __ Affected

Notified: May 23, 2003 Updated: May 23, 2003

Status

Affected

Vendor Statement

See <ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

OpenPKG __ Affected

Updated: May 23, 2003

Status

Affected

Vendor Statement

See <http://www.openpkg.org/security/OpenPKG-SA-2003.015-zlib.txt&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Openwall GNU/*/Linux __ Affected

Notified: May 23, 2003 Updated: June 02, 2003

Status

Affected

Vendor Statement

This unfortunate property of zlib has been corrected in Owl-current on 2003/02/25. We’re, however, unaware of any real-world application that uses zlib in a way which would make it affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Red Hat, Inc. __ Affected

Notified: May 23, 2003 Updated: May 27, 2003

Status

Affected

Vendor Statement

Red Hat Linux and Red Hat Enterprise Linux ship with a Zlib package vulnerable to these issues. Updated Zlib packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the ‘up2date’ tool.

Red Hat Linux:
<http://rhn.redhat.com/errata/RHSA-2003-079.html&gt;
Red Hat Enterprise Linux:
<http://rhn.redhat.com/errata/RHSA-2003-081.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

SCO __ Affected

Updated: May 23, 2003

Status

Affected

Vendor Statement

See <ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-011.0.txt&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

SUSE Linux __ Affected

Notified: May 23, 2003 Updated: June 24, 2003

Status

Affected

Vendor Statement

This bug is fixed. We are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Apple Computer, Inc. __ Not Affected

Notified: May 23, 2003 Updated: June 02, 2003

Status

Not Affected

Vendor Statement

The gzprintf() function is not used by Mac OS X or Mac OS X Server.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Foundry Networks Inc. __ Not Affected

Notified: May 23, 2003 Updated: June 02, 2003

Status

Not Affected

Vendor Statement

Foundry Networks is not vulnerable to the ZLIB buffer overflow issue as described in VU#142121.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Fujitsu __ Not Affected

Notified: May 23, 2003 Updated: June 05, 2003

Status

Not Affected

Vendor Statement

Fujitsu’s UXP/V o.s. is not affected by the problem in VU#142121 because it does not support the zlib.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Hitachi __ Not Affected

Notified: May 23, 2003 Updated: July 14, 2003

Status

Not Affected

Vendor Statement

Hitachi GR2000 gigabit router series are not vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Xerox Corporation __ Not Affected

Notified: May 23, 2003 Updated: June 12, 2003

Status

Not Affected

Vendor Statement

A response to this vulnerability is available from our web site:
<http://www.xerox.com/security&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Xpdf __ Not Affected

Notified: May 23, 2003 Updated: June 03, 2003

Status

Not Affected

Vendor Statement

Xpdf doesn’t use zlib at all.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

3Com Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

AT&T Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Adobe Systems Incorporated Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Alcatel Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Avaya Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Berkeley Software Design, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Cisco Systems, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Computer Associates Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Cray Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

D-Link Systems Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Data General Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Debian Linux Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Engarde Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Extreme Networks Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

F5 Networks, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

FreeBSD, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Hewlett-Packard Company Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

IBM-zSeries Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Ingrian Networks, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Intel Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Juniper Networks, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Lachman Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Lotus Software Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Lucent Technologies Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Mandriva, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Microsoft Corporation Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

MontaVista Software, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Multi-Tech Systems Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Multinet Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

NEC Corporation Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

NeXT Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Netscreen Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Network Appliance Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Nokia Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Nortel Networks, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

OpenBSD Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Oracle Corporation Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Riverstone Networks Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

SGI Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Sequent Computer Systems, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Sony Corporation Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Sun Microsystems, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Unisys Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Wind River Systems, Inc. Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

Wirex Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

ZyXEL Unknown

Notified: May 23, 2003 Updated: May 23, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23142121 Feedback>).

View all 62 vendors __View less vendors __

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.gzip.org/zlib/&gt;
• <http://online.securityfocus.com/bid/6913&gt;
• <http://securityfocus.org/archive/1/312869&gt;
• <http://www.securityfocus.com/archive/1/312869&gt;
• <http://www.iss.net/security_center/static/11381.php&gt;
• <http://secunia.com/advisories/24788&gt;
• http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=3616065
• http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=9916286

Acknowledgements

This vulnerability was discovered by Richard Kettlewell.

This document was written by Ian A Finlay.

Other Information

CVE IDs:	CVE-2003-0107
Severity Metric:	29.11 Date Public: