Mandrake Linux Security Advisory : zlib (MDKSA-2003:033)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Richard Kettlewell discovered a buffer overflow vulnerability in the
zlib library's gzprintf() function. This can be used by attackers to
cause a denial of service or possibly even the execution of arbitrary
code. Our thanks to the OpenPKG team for providing a patch which adds
the necessary configure script checks to always use the secure
vsnprintf(3) and snprintf(3) functions, and which additionally adjusts
the code to correctly take into account the return value of
vsnprintf(3) and snprintf(3).
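
Added example (not code from zlib, the OpenPKG patch, or this advisory): a minimal C sketch of the pattern the description refers to, using bounded vsnprintf(3) and acting on its return value so truncated output is rejected rather than used. The helper name format_checked and the sample buffers are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not zlib's code): format into a fixed buffer and
 * report truncation instead of overflowing or passing on short data.
 * Returns the number of bytes written (excluding the NUL), or -1 if the
 * output did not fit or vsnprintf reported an error. */
int format_checked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);   /* bounded, unlike vsprintf */
    va_end(ap);

    /* C99: n is the length that WOULD have been written. n < 0 is an
     * error; n >= size means the output was truncated. Some pre-C99
     * libcs return -1 on truncation, which the n < 0 test also covers. */
    if (n < 0 || (size_t)n >= size) {
        buf[0] = '\0';                   /* never hand back partial output */
        return -1;
    }
    return n;
}

int main(void)
{
    char small[8];                                        /* constructed sample buffer */
    const char *long_input = "AAAAAAAAAAAAAAAAAAAAAAAA";  /* constructed, 24 bytes */

    printf("fits:      %d\n", format_checked(small, sizeof small, "%s", "abc"));
    printf("truncated: %d\n", format_checked(small, sizeof small, "%s", long_input));
    return 0;
}
```

A caller that ignores the return value would go on to use a length that does not match the buffer contents, which is why the check matters as much as the bounded call.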

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14017 (mandrake_MDKSA-2003-033.nasl)

Bugtraq ID: 6913

CVE ID: CVE-2003-0107
