Fedora Core "zlib_inflate()" Data Stream Handling Denial of Service Vulnerability

Title : Fedora Core "zlib_inflate()" Data Stream Handling Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2006-4405
CVE ID : CVE-2006-5823
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2006-11-09


Technical Description

A vulnerability has been identified in Fedora Core that local attackers could exploit to cause a denial of service. The flaw is an infinite loop in the "zlib_inflate()" function when it handles corrupted data streams; a malicious cramfs image can trigger it and crash a vulnerable system.

Affected Products

Fedora Core 6
Fedora Core 5

Solution

Upgrade the affected packages :

Fedora Core 5 (kernel 2.6.18-1.2239.fc5): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

Fedora Core 6 (kernel 2.6.18-1.2849.fc6): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

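
One way to check a host against the fixed kernel builds in this advisory's package list (2.6.18-1.2239.fc5 and 2.6.18-1.2849.fc6), as an added example that is not part of the advisory. The function names, the status labels and the acceptance of an older "_FC5" style tag are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not from the advisory): classify a kernel release string
# against the fixed builds named in the Solution section.

# Fixed version-release per Fedora Core dist tag, taken from the advisory.
fixed_build_for() {
    case "$1" in
        fc5|FC5) echo "2.6.18-1.2239" ;;
        fc6|FC6) echo "2.6.18-1.2849" ;;
        *) return 1 ;;
    esac
}

# ver_lt A B: succeed when numeric version A is strictly older than B.
ver_lt() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a                      # positional params = fields of A
    for y in $b; do
        x=${1:-0}                  # missing field in A counts as 0
        [ $# -gt 0 ] && shift
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                       # equal, or A has extra fields
}

# kernel_status RELEASE: RELEASE is a `uname -r` style string, for example
# 2.6.18-1.2849.fc6PAE. Accepting the older "_FC5" tag form is an assumption.
kernel_status() {
    parsed=$(printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9.]*-[0-9][0-9.]*\)[._]\([fF][cC][0-9][0-9]*\).*$/\1 \2/p')
    [ -n "$parsed" ] || { echo "unknown"; return 0; }
    build=${parsed% *}
    dist=${parsed#* }
    fixed=$(fixed_build_for "$dist") || { echo "not-listed"; return 0; }
    if ver_lt "$build" "$fixed"; then
        echo "needs-update"
    else
        echo "fixed-build-or-later"
    fi
}

# Classify the running kernel, or the release string given as argument.
kernel_status "${1:-$(uname -r)}"
```

A result of "not-listed" means the dist tag is not one of the two releases this advisory covers, and "unknown" means the string carries no Fedora Core tag at all.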

References

http://www.vupen.com/english/advisories/2006/4405
http://projects.info-pull.com/mokb/MOKB-07-11-2006.html
https://www.redhat.com/archives/fedora-package-announce/2006-November/msg00086.html
https://www.redhat.com/archives/fedora-package-announce/2006-November/msg00088.html

Credits

Vulnerability reported by LMH

ChangeLog

2006-11-09 : Initial release
2006-11-13 : Updated Solution

Copyright VUPEN © 2004-2010