Zlib Compression Library Buffer Overflow Vulnerability

Published: 2005-07-08
Updated: 2005-07-08

Affected systems:
zlib zlib >= 1.2
Description:
BUGTRAQ  ID: 14162
CVE(CAN) ID: CVE-2005-2096

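zlib is a compression library used by many applications; it provides data compression and decompression routines.

A buffer overflow vulnerability exists in zlib. An attacker may exploit it to trick a user into executing arbitrary instructions.

The cause is that input data is not properly validated in a memory copy operation. In some environments, decompressing malformed input data may lead to a denial of service, or to execution of arbitrary instructions with the privileges of the application that uses the affected library.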

<*Source: Tavis Ormandy (taviso@gentoo.org)
  
  Links: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
        http://www.debian.org/security/2005/dsa-740
        http://security.gentoo.org/glsa/glsa-200507-05.xml
        http://lwn.net/Alerts/142786/?format=printable
*>
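
Added example (not part of the original advisory or of zlib's own tooling): because many applications carry their own copy of zlib, this sketch scans a directory for files that embed zlib's inflate copyright string and reports versions in the ">= 1.2" range listed under "Affected systems". The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: find zlib copies embedded in files and flag versions in the
# advisory's affected range (zlib >= 1.2). Assumes the build kept zlib's
# inflate copyright string (" inflate X.Y.Z Copyright ... Mark Adler ").

# Print each distinct zlib version whose inflate string appears in file $1.
zlib_versions_in() {
    LC_ALL=C grep -a -o 'inflate [0-9][0-9.]*[0-9] Copyright' "$1" 2>/dev/null |
        awk '{ print $2 }' | sort -u
}

# Return 0 when version $1 is >= 1.2, as listed under "Affected systems".
in_affected_range() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major$minor" in *[!0-9]* | '') return 1 ;; esac
    [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 2 ]; }
}

# Print "<path>: zlib <version>" for every file under $1 with an in-range copy.
audit_tree() {
    find "$1" -type f | while IFS= read -r f; do
        for v in $(zlib_versions_in "$f"); do
            if in_affected_range "$v"; then
                printf '%s: zlib %s\n' "$f" "$v"
            fi
        done
    done
}

# Demo on constructed files (byte padding around the string, not real binaries).
demo() {
    d=$(mktemp -d)
    printf '\000\001 inflate 1.2.2 Copyright 1995-2004 Mark Adler \000' > "$d/app_a"
    printf '\000\001 inflate 1.1.4 Copyright 1995-2002 Mark Adler \000' > "$d/app_b"
    audit_tree "$d"    # reports app_a only
    rm -rf "$d"
}
demo
```

Vendor-patched packages keep the upstream version string, so a hit means the file should be checked against the vendor advisories below, not that it is unpatched.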

Recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-740-1) and corresponding patches for this issue:
DSA-740-1: New zlib packages fix denial of service
Link: http://www.debian.org/security/2005/dsa-740

Patch downloads:

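Patch installation:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade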

FreeBSD
-------
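FreeBSD has released a security advisory (FreeBSD-SA-05:16) and corresponding patches for this issue:
FreeBSD-SA-05:16: Buffer overflow in zlib
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc

Patch downloads:

Perform one of the following:

1) Upgrade the vulnerable system to 5-STABLE, or to the RELENG_5_4 or RELENG_5_3 security branch dated after the correction date.

2) Patch the current system:

The following patch has been verified to apply to FreeBSD 5.3 and 5.4 systems.

a) Download the relevant patch from the location below, and verify the accompanying PGP signature using a PGP utility.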

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch.asc

b) Run the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libz/
# make obj && make depend && make && make install

RedHat
------
RedHat has released a security advisory (RHSA-2005:569-01) and corresponding patches for this issue:
RHSA-2005:569-01: Important: zlib security update
Link: http://lwn.net/Alerts/142786/?format=printable

Patch downloads:

The patches can be installed with the following command:

rpm -Fvh [filename]

Gentoo
------
Gentoo has released a security advisory (GLSA-200507-05) and corresponding patches for this issue:
GLSA-200507-05: zlib: Buffer overflow
Link: http://security.gentoo.org/glsa/glsa-200507-05.xml

All zlib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.2-r1"

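This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.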