Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2003-081.NASL
HistoryJul 06, 2004 - 12:00 a.m.

RHEL 2.1 : zlib (RHSA-2003:081)

2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.075

Percentile

94.1%

JSON

Updated zlib packages that fix a buffer overflow vulnerability are now available.

Zlib is a general-purpose, patent-free, lossless data compression library that is used by many different programs.

The function gzprintf within zlib, when called with a string longer than Z_PRINTF_BUFZISE (= 4096 bytes), can overflow without giving a warning.

zlib-1.1.4 and earlier exhibit this behavior. There are no known exploits of the gzprintf overrun, and only a few programs, including rpm2html and gimp-print, are known to use the gzprintf function.

The problem has been fixed by checking the length of the output string within gzprintf.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2003:081. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(12374);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2003-0107");
  script_xref(name:"RHSA", value:"2003:081");

  script_name(english:"RHEL 2.1 : zlib (RHSA-2003:081)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated zlib packages that fix a buffer overflow vulnerability are now
available.

Zlib is a general-purpose, patent-free, lossless data compression
library that is used by many different programs.

The function gzprintf within zlib, when called with a string longer
than Z_PRINTF_BUFZISE (= 4096 bytes), can overflow without giving a
warning.

zlib-1.1.4 and earlier exhibit this behavior. There are no known
exploits of the gzprintf overrun, and only a few programs, including
rpm2html and gimp-print, are known to use the gzprintf function.

The problem has been fixed by checking the length of the output string
within gzprintf."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0107"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:081"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected zlib and / or zlib-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:zlib-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2003:081";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"zlib-1.1.4-8.2.1AS")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"zlib-devel-1.1.4-8.2.1AS")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zlib / zlib-devel");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxzlibp-cpe:/a:redhat:enterprise_linux:zlib
redhatenterprise_linuxzlib-develp-cpe:/a:redhat:enterprise_linux:zlib-devel
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1

Related

f5 2
cvelist 1
cert 1
cve 1
redhat 1
nessus 1
debiancve 1
nvd 1
jvn 1
f5
f5
SOL2593 - Buffer overflow in zlib - CAN-2003-0107
2006-10-06 00:00:00
Buffer overflow in zlib - CAN-2003-0107
2006-10-07 04:00:00
cvelist
cvelist
CVE-2003-0107
2004-09-01 04:00:00
cert
cert
zlib "gzprintf()" function vulnerable to buffer overflow
2003-05-23 00:00:00
cve
cve
CVE-2003-0107
2004-09-01 04:00:00
redhat
redhat
(RHSA-2003:081) zlib security update
2003-05-22 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : zlib (MDKSA-2003:033)
2004-07-31 00:00:00
debiancve
debiancve
CVE-2003-0107
2004-09-01 04:00:00
nvd
nvd
CVE-2003-0107
2003-03-07 05:00:00
jvn
jvn
JVN#78689801: BGA32.DLL and QBga32.DLL contain multiple vulnerabilities
2015-05-19 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.075

Percentile

94.1%

JSON
Related for REDHAT-RHSA-2003-081.NASL
f52cvelist1cert1cve1redhat1nessus1debiancve1nvd1jvn1