[VIM] CVE-2006-5823 (zlib_inflate): Alternate Vectors?

Matthew Murphy mattmurphy at kc.rr.com
Wed Feb 21 16:14:23 EST 2007


I see that some distros are just getting around to patching the
zlib_inflate vulnerability (CVE-2006-5823).  In the past, zlib has
been associated with some major security exposures, and so it
surprises me that this has been (largely) played down without
attention as a bug that allows you to bring down a box by mounting a
crafted file system that, oh-by-the-way, happens to use zlib.

Is anybody aware of other (promising or disastrous, depending on how
you look at it) potential exploit vectors for this beyond kernel-mode
file system code -- e.g., network client libraries?  If not, is anyone
aware of why it seems this hole got so little attention?  Is it
sufficiently hard to trigger that most environments wouldn't allow
exploitation?


More information about the VIM mailing list