Zlib Compression Denial of Service


Secunia PSI has been alerting on a vulnerable version of zlib.dll in many of my applications on my home computer. In a security writeup from July 2005, Secunia reports:

a vulnerability in zlib, which can be exploited by malicious people to cause a DoS (Denial of Service) against a vulnerable application.

The vulnerability has been reported in version 1.2.2. Prior versions may also be affected.

This doesn't bother me so much when it is detected in old versions of Taxcut installed on the computer, but when it is reported in Wireshark 1.0.1 (not sure if this is fixed in Wireshark 1.0.2) and the latest version of iTunes, I wonder what the deal is.

UPDATE: See the comments; this is actually fixed in Wireshark in spite of the Secunia detection.

I renamed the old DLL and replaced it with the latest version from http://www.zlib.net/. Secunia is happy, and it didn't seem to cause any issues with the applications.


5 Comments

Gerald Combs said:

The Windows version of Wireshark does in fact ship with zlib 1.2.3, and has since 2005 when the vulnerability was made public. The problem stems from the fact that we compile our own zlib package (which we must do in order to support different versions of Visual Studio), and the resource file that ships with the zlib 1.2.3 sources (win32/zlib1.rc) sets the version to 1.2.2.

If you go to "Help->About Wireshark" you'll see that it was compiled with libz 1.2.3.

Glen said:

See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2686 (it's an issue with the zlib DLL, which is in fact the latest version, but not identified as such).

Jaap Keuter said:

There's a bug in the distributed resource information in the zlib source code. Even though the code is fixed, part of the resource info still exports the old version info.
Hence, no problem, just mis-identified. See the Wireshark bug database entry.
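Gerald's and Jaap's comments above explain the mismatch: the DLL's VERSIONINFO resource (stamped by win32/zlib1.rc) says 1.2.2, while the compiled code is 1.2.3, which is what Help->About reports. The script below is an added example for this post, not code from the blog, from Wireshark or from zlib. It does the check a file-version scanner does not: it asks the loaded library itself via zlibVersion() (or, for the zlib Python links against, ZLIB_RUNTIME_VERSION) and compares the answer with the resource version and with the 1.2.3 threshold the thread gives. The ask_dll helper, the library path it takes and the sample version strings are assumptions constructed for the example.

```python
"""Check which zlib is really in use, instead of trusting the PE version resource.

Added example for this post; it is not code from the blog, from Wireshark or
from zlib. It assumes the thread's facts: the DoS affects zlib 1.2.2 and
earlier and is fixed in 1.2.3, while the stock win32/zlib1.rc resource file
stamps a 1.2.3 build as 1.2.2.
"""
import ctypes
import re
import zlib

FIXED_IN = (1, 2, 3)  # first release the thread says carries the fix


def parse_version(text):
    """Turn '1.2.3', '1.2.3.4' or '1.2.11' into a comparable tuple of ints.

    Only the leading numeric components are used, so a private-build suffix
    such as '1.2.3.f-foo' still parses as (1, 2, 3).
    """
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError("not a zlib version string: %r" % text)
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(version):
    """True when the version predates the fix (anything below 1.2.3)."""
    return parse_version(version) < FIXED_IN


def classify(resource_version, library_version):
    """Compare what the file's VERSIONINFO says with what the code says.

    Returns one of:
      'vulnerable'    - the library itself reports a version before the fix
      'misidentified' - the code is fixed but the resource says otherwise
                        (the Wireshark 1.0.x / zlib1.rc case from the comments)
      'fixed'         - both agree and are at or past 1.2.3
    """
    if is_vulnerable(library_version):
        return "vulnerable"
    if is_vulnerable(resource_version):
        return "misidentified"
    return "fixed"


def ask_dll(path):
    """Load a zlib shared library and ask it directly via zlibVersion().

    This is what 'Help->About Wireshark' is effectively reporting. Pass
    'zlib1.dll' on Windows or e.g. 'libz.so.1' on Linux (assumed paths).
    """
    lib = ctypes.CDLL(path)
    lib.zlibVersion.restype = ctypes.c_char_p
    lib.zlibVersion.argtypes = []
    return lib.zlibVersion().decode("ascii")


def python_zlib_status():
    """Same check against the zlib the running Python interpreter uses.

    zlib.ZLIB_VERSION is the header version at build time;
    zlib.ZLIB_RUNTIME_VERSION is what the loaded library reports, and that
    is the one that matters for a vulnerability check.
    """
    runtime = getattr(zlib, "ZLIB_RUNTIME_VERSION", zlib.ZLIB_VERSION)
    return {"compiled_against": zlib.ZLIB_VERSION,
            "runtime": runtime,
            "vulnerable": is_vulnerable(runtime)}


if __name__ == "__main__":
    # Constructed values reproducing the case in the comments: the resource
    # file says 1.2.2 while the compiled code says 1.2.3.
    print(classify("1.2.2", "1.2.3"))   # misidentified
    print(python_zlib_status())
```

On a machine with the flagged zlib1.dll, `ask_dll("C:/path/to/zlib1.dll")` returns the string the code was built from, which for the Wireshark 1.0.x case is "1.2.3" even though the file's properties dialog shows 1.2.2; that string, not the resource, is what `classify` should be fed as the library version.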

Roger said:

Thanks!

I am always amazed by the number of knowledgeable people that stop by the blog.

I'll put a note in the original post pointing to the comments.
Thanks

Roger said:

Wireshark 1.0.3 now includes the zlib1 DLL showing version 1.2.3.0.
See the bug ID link that Glen posts in the earlier comments.

Also see the 1.0.3 release notes.
http://www.wireshark.org/docs/relnotes/wireshark-1.0.3.html


About this Entry

This page contains a single entry by Roger published on July 12, 2008 12:53 PM.