Signature Detail
Short Name |
APP:ZLIB-COMPRES-LIB-DOS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Zlib Compression Library Denial Of Service |
Release Date |
2012/11/30 |
Update Number |
2207 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Zlib Compression Library Denial Of Service
This signature detects attempts to exploit a known vulnerability against Zlib Compression Library. A successful attack can result in a denial-of-service condition.
Extended Description
The Zlib compression library is reportedly susceptible to a denial of service vulnerability. This vulnerability is caused by a failure of the application to properly handle malformed input during the decompression process. This vulnerability is reported to exist in version 1.2.1 of the library. Other versions are also likely affected.
Affected Products
- Avaya Intuity R5 R5.1.46
- CVS 1.12.12
- FileZilla FileZilla Server 0.7.0
- FileZilla FileZilla Server 0.7.1
- libpng 1.0.16
- libpng libpng3 1.2.6
- MacSFTP 1.0.6
- MacSSH 2.1.0 fc3
- Mandriva Linux Mandrake 10.0.0
- Mandriva Linux Mandrake 10.0.0 amd64
- OpenBSD 3.5
- OpenBSD -Current
- OpenPKG 2.0.0
- OpenPKG 2.1.0
- OpenPKG 2.2.0
- OpenPKG 2.3.0
- OpenPKG Current
- Red Hat Fedora Core2
- SCO Open Server 5.0.6
- SCO Open Server 5.0.6 a
- SCO Open Server 5.0.7
- SCO Open Server 6.0.0
- SCO Unixware 7.0.0
- SCO Unixware 7.0.1
- SCO Unixware 7.1.0
- SCO Unixware 7.1.1
- SCO Unixware 7.1.2
- SCO Unixware 7.1.3
- SCO Unixware 7.1.3 up
- SCO Unixware 7.1.4
- SuSE Linux Personal 9.1.0
- SuSE SUSE Linux Enterprise Server 9
- Trustix Secure Enterprise Linux 2.0.0
- Trustix Secure Linux 2.2.0
- Trustix Secure Linux 3.0.0
- zlib 1.2.0 .0.7
- zlib 1.2.1
References
- BugTraq: 11051
- CVE: CVE-2004-0797