SUSE-SA:2004:029: zlib

low Nessus Plugin ID 14658

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2004:029 (zlib).


zlib is a widely used data compression library. Programs linked against it include most desktop applications as well as servers such as Apache and OpenSSH.

The 'inflate' function of zlib handles certain input data incorrectly which could lead to a denial of service condition for programs using it with untrusted data. Whether the vulnerability can be exploided locally or remotely depends on the application using it.

zlib versions older than version 1.2 are not affected.

Solution

http://www.suse.de/security/2004_29_zlib.html

Plugin Details

Severity: Low

ID: 14658

File Name: suse_SA_2004_029.nasl

Version: 1.13

Agent: unix

Published: 9/3/2004

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2004-0797

BID: 11051