(HP Issues Fix for Audit Daemon in HP Secure OS for Linux) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
|
Date: Apr 4 2002
|
Impact: Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description: A vulnerability was reported in the zlib shared library, a widely used library that provides in-memory compress and decompression
functions. A remote user could cause programs using this library to crash or to execute arbitrary code on the system.
It is reported that certain types of input will cause zlib to free the same area of memory twice (i.e., perform a "double free"),
resulting in a buffer overflow condition when expanding compressed input. A remote user can cause programs that process untrusted
user-supplied compressed input to crash or potentially execute arbitrary code on the system.
HP reports that the audit daemon
in HP Secure OS for Linux is vulnerable because it uses the vulnerable version of zlib.
It is reported that Matthias Clasen <maclas@gmx.de>
and Owen Taylor <otaylor@redhat.com> discovered this bug in zlib.
|
Impact: A remote user can cause affected programs that use zlib to process untrusted user-supplied compressed input to crash or potentially execute arbitrary code on the system.
|
Solution: The vendor has released a patch: HPTL_00016
This patch is available as follows: -
Use your browser to access the
HP IT Resource Center page
at:
http://itrc.hp.com
Use the 'Login' tab at the left side of the screen to login
using your ID and password. Use your existing login or the
"Register" button at the left to create a login. Remember to
save the
User ID assigned to you, and your password. This login provides
access to many useful areas of the ITRC.
Under the "Maintenance and Support" section, select "Individual Patches".
In the field at the bottom of the page labeled
"retrieve a specific patch
by entering the patch name", enter {{ Patch number (s) }}
For instructions on installing
the patch, please see the install text file
included in the patch.
|
Vendor URL: www.hp.com/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (HP Secure OS)
|
Underlying OS Comments: 1.0
|
Reported By: support_feedback@us-support.external.hp.com (IT Resource Center )
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 4 Apr 2002 07:29:43 -0800 (PST)
From: support_feedback@us-support.external.hp.com (IT Resource Center )
Subject: HP Secure OS Software for Linux security bulletins digest
|
Document ID: HPSBTL0204-037
Date Loaded: 20020403
Title: Security vulnerability in audit subsystem
TEXT
---------------------------------------------------------------
HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #037
Originally issued: 04 Apr '02
---------------------------------------------------------------
The information in the following Security Bulletin should be acted
upon as soon as possible. Hewlett-Packard Company will not be
liable for any consequences to any customer resulting from customer's
failure to fully implement instructions in this Security Bulletin as
soon as possible.
---------------------------------------------------------------
PROBLEM: Security vulnerabilities in audit.
PLATFORM: Any system running HP Secure OS software for Linux Release 1.0
DAMAGE: Potential vulnerability within audit due to static linking
to zlib library that contains a flaw.
SOLUTION: Apply the appropriate patch.
MANUAL ACTIONS: None
AVAILABILITY: The patches are available now.
---------------------------------------------------------------
A. Background
HP Secure OS software for Linux release 1.0 includes an audit
daemon that was statically linked with zlib. Zlib has been
found to have a flaw. The patch below delivers a version of
the audit daemon that fixes this flaw.
Please see HPSBTL0204-030 for more details on the zlib vulnerability.
B. Fixing the problem
Apply the following patch:
HPTL_00016
This patch is available as follows: -
Use your browser to access the HP IT Resource Center page
at:
http://itrc.hp.com
Use the 'Login' tab at the left side of the screen to login
using your ID and password. Use your existing login or the
"Register" button at the left to create a login. Remember to save the
User ID assigned to you, and your password. This login provides
access to many useful areas of the ITRC.
Under the "Maintenance and Support" section, select "Individual Patches".
In the field at the bottom of the page labeled "retrieve a specific patch
by entering the patch name", enter {{ Patch number (s) }}
For instructions on installing the patch, please see the install text file
included in the patch.
C. To subscribe to automatically receive future NEW HP Security
Bulletins from the HP IT Resource Center via electronic
mail, do the following:
Use your browser to access to the HP IT Resource Center page
at:
http://itrc.hp.com
Use the 'Login' tab at the left side of the screen to login
using your ID and password. Use your existing login or the
"Register" button at the left to create a login. Remember to
save the User ID assigned to you, and your password. This
login provides access to many useful areas of the ITRC.
In the left most frame select "Maintenance and Support".
Under the "Notifications" section (near the bottom of
the page), select "Support Information Digests".
To -subscribe- to future HP Security Bulletins or other
Technical Digests, click the check box (in the left column)
for the appropriate digest and then click the "Update
Subscriptions" button at the bottom of the page.
or
To -review- bulletins already released, select the link
(in the middle column) for the appropriate digest.
D. To report new security vulnerabilities, send email to
security-alert@hp.com
Please encrypt any exploit information using the
security-alert PGP key, available from your local key
server. You ma also get the security-alert PGP key by
sending a message with a -subject- (not body) of
'get key' (no quotes) to security-alert@hp.com.
Permission is granted for copying and circulating this
Bulletin to Hewlett-Packard (HP) customers (or the Internet
community) for the purpose of alerting them to problems,
if and only if, the Bulletin is not edited or changed in
any way, is attributed to HP, and provided such reproduction
and/or distribution is performed for non-commercial purposes.
Any other use of this information is prohibited. HP is not
liable for any misuse of this information by any third party.
---------------------------------------------------------------
-----End of Document ID: HPSBTL0204-037--------------------------------------
|
|
