SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Zlib Vendors:   [Multiple Authors/Vendors]
'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
SecurityTracker Alert ID:  1003783
SecurityTracker URL:  http://securitytracker.com/id/1003783
CVE Reference:   CVE-2002-0059   (Links to External Site)
Date:  Mar 11 2002
Impact:   Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.1.3
Description:   A vulnerability was reported in the zlib shared library, a widely used library that provides in-memory compress and decompression functions. A remote user could cause programs using this library to crash or to execute arbitrary code on the system.

It is reported that certain types of input will cause zlib to free the same area of memory twice (i.e., perform a "double free"), resulting in a buffer overflow condition when expanding compressed input. A remote user can cause programs that process untrusted user-supplied compressed input to crash or potentially execute arbitrary code on the system.

It is reported that web browsers or email programs that display image attachments or other programs that uncompress data may be particularly affected.

It is reported that Matthias Clasen <maclas@gmx.de> and Owen Taylor <otaylor@redhat.com> discovered this bug.
Impact:   A remote user can cause affected programs that use zlib to process untrusted user-supplied compressed input to crash or potentially execute arbitrary code on the system.
Solution:   The vendor has released a fixed version (1.1.3), available at:

http://www.gzip.org/zlib/
Vendor URL:  www.gzip.org/zlib/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Red Hat Issues Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix.
(SuSE Issues Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix.
(Red Hat Issues Fix for Powertools) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix.
(Slackware Issues Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix.
(Conectiva Issues Fix) Re: 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has issued a fix.
(FreeBSD Issues Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix.
(Red Hat Issues Revised Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a revised fix.
(Trustix Issues Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix.
(Openbsd Issues Patch) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a patch.
(Red Hat Issues Fix for Sparc64 and Updates VNC Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a revised fix.
(JCraft's JZlib is Also Vulnerable) Re: 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
JZlib is also vulnerable. A fixed version is available.
(Sun Issues Preliminary T-patches) Re: 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
Sun has issued a preliminary fix.
(Cisco Cache Software/ACNS Is Vulnerable) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The Cisco Cache Software is vulnerable. A fix has been developed and will be available soon.
(Cisco Intrusion Detection System is Vulnerable) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
Cisco Intrusion Detection System is vulnerable. A fix has been developed and will be released shortly.
(Cisco Hosting Solution Engine is Vulnerable) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
Cisco Hosting Solution Engine is vulnerable and a fix will be available shortly.
(Cisco Metro 1500 DWDM is Vulnerable) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
Cisco's Metro 1500 DWDM is vulnerable. Cisco has released a fix (pending).
(HP Issues Fix for HP Secure OS for Linux) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix for HP Secure OS for Linux.
(HP Issues Fix for Audit Daemon in HP Secure OS for Linux) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix for the audit daemon in HP Secure OS for Linux.
(Several Virtual Network Computing [VNC] Viewers are Vulnerable) Re: 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
Several VNC viewers from different vendors are affected by the zlib bug.
(Caldera Issues Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix.
(FreeBSD Issues Revised Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a revised fix.
(Sun Issues Fix) Re: 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has issued a fix for Solaris and OpenWindows.
(Conectiva Issues Fix) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
Conectiva has released a fix.
(XFree Issues Fix) Re: 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
XFree has issued a fixed version.
(Sun Issues Fix for JRE) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
The vendor has released a fix for JRE, which is affected by the zlib bug.
(HP Issues Fix for HP Java) 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
HP has released a fix for HP Java for HP-UX.


 Source Message Contents
Subject:  zlib bug


'zlib' Shared Compression Library Contains Double Free Buffer Overlow
That Lets Remote Users Cause Programs Using zlib to Crash or Execute
Arbitrary Code

Version:  zlib 1.1.3

Vendor:  Jean-loup Gailly and Mark Adler

Vendor URL: http://www.gzip.org/zlib/

A vulnerability was reported in the zlib shared library, a widely used
library that provides in-memory compress and decompression functions.  A
remote user could cause programs using this library to crash or to
execute arbitrary code on the system.


It is reported that certain types of input will cause zlib to free the
same area of memory twice (i.e., perform a "double free"), resulting in
a buffer overflow condition.
A remote user can cause programs that process untrusted user-supplied
compressed input to crash or potentially execute arbitrary code on the
system.

It is reported that web browsers or email programs that display image
attachments or other programs that uncompress data may be particularly
affected.

It is reported that Matthias Clasen <maclas@gmx.de> and Owen Taylor
<otaylor@redhat.com> discovered this bug.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC