[VIM] CVE-2006-5823 (zlib_inflate): Alternate Vectors?

Gadi Evron ge at linuxbox.org
Wed Feb 21 18:30:04 EST 2007


As a general note on our unrelated conversation, Matt: the Vista issue is
serious.

On Wed, 21 Feb 2007, Matthew Murphy wrote:

> I see that some distros are just getting around to patching the
> zlib_inflate vulnerability (CVE-2006-5823).  In the past, zlib has
> been associated with some major security exposures, and so it
> surprises me that this has been (largely) played down without
> attention as a bug that allows you to bring down a box by mounting a
> crafted file system that, oh-by-the-way, happens to use zlib.
> 
> Is anybody aware of other (promising or disastrous, depending on how
> you look at it) potential exploit vectors for this beyond kernel-mode
> file system code -- e.g., network client libraries?  If not, is anyone
> aware of why it seems this hole got so little attention?  Is it
> sufficiently hard to trigger that most environments wouldn't allow
> exploitation?
> 


