SUSE-SA:2005:039: zlib

This script is Copyright (C) 2005-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2005:039 (zlib).


A denial of service condition was fixed in the zlib library.

Any program using zlib to decompress data can be crashed by a specially
handcrafted invalid data stream. This includes web browsers or email
programs able to view PNG images (which are compressed by zlib),
allowing remote attackers to crash browser sessions or potentially
anti virus programs using this vulnerability.

This issue is tracked by the Mitre CVE ID CVE-2005-2096.

Since only zlib 1.2.x is affected, older SUSE products are not affected
by this problem.

Solution :

http://www.suse.de/security/advisories/2005_39_zlib.html

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 19248 ()

Bugtraq ID: 14162

CVE ID: CVE-2005-2096

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now