zlib double free memory corruption
| zlib-doublefree-memory-corruption (8427) |
Description:
zlib could allow a remote attacker to cause dynamically allocated memory segments to be released twice. A remote attacker could pass specially-crafted compressed data to a program that is linked to a vulnerable version of zlib to cause the corruption of internal memory segments, which could result in a denial of service against the affected program, memory leaks, or the execution of arbitrary code on the system.
Platforms Affected:
- AT&T, VNC Viewer and Server for Apple Newton
- AT&T, VNC Viewer for Java
- Cisco, Application and Content Networking Software
- Cisco, Content Distribution Manager 4630
- Cisco, Content Distribution Manager 4650
- Cisco, Content Engine 507
- Cisco, Content Engine 560
- Cisco, Content Engine 590
- Cisco, Content Engine 7320
- Cisco, Content Router 4430
- Cisco, Hosting Solution Engine 1.0
- Cisco, Hosting Solution Engine 1.3
- Cisco, IDS
- Cisco, ME 1100
- Cisco, Metro 1500 DWDM
- Conectiva, Linux 5.0
- Conectiva, Linux 5.1
- Conectiva, Linux 6.0
- Conectiva, Linux 7.0
- Conectiva, Linux ecommerce
- Conectiva, Linux prg_graficos
- Debian, Debian Linux 2.2
- EngardeLinux, Secure Linux
- FreeBSD, FreeBSD 4.0
- FreeBSD, FreeBSD 4.1
- FreeBSD, FreeBSD 4.2
- FreeBSD, FreeBSD 4.3
- FreeBSD, FreeBSD 4.4
- FreeBSD, FreeBSD 4.5
- GNOME, GNOME 2.0
- GNU, zlib 1.0
- GNU, zlib 1.0.1
- GNU, zlib 1.0.2
- GNU, zlib 1.0.3
- GNU, zlib 1.0.4
- GNU, zlib 1.0.5
- GNU, zlib 1.0.6
- GNU, zlib 1.0.7
- GNU, zlib 1.0.8
- GNU, zlib 1.0.9
- GNU, zlib 1.1
- GNU, zlib 1.1.1
- GNU, zlib 1.1.2
- GNU, zlib 1.1.3
- MandrakeSoft, Mandrake Linux 7.1
- MandrakeSoft, Mandrake Linux 7.2
- MandrakeSoft, Mandrake Linux 8.0
- MandrakeSoft, Mandrake Linux 8.0 PPC
- MandrakeSoft, Mandrake Linux 8.1
- MandrakeSoft, Mandrake Linux 8.1 IA64
- MandrakeSoft, Mandrake Linux Corporate Server 1.0.1
- MandrakeSoft, Mandrake Single Network Firewall 7.2
- OpenPKG, OpenPKG 1.0
- RedHat, Linux 6.2
- RedHat, Linux 7
- RedHat, Linux 7.1
- RedHat, Linux 7.2
- RedHat, Linux 7.3
- RedHat, Linux Powertools 6.2
- RedHat, Linux Powertools 7.0
- RedHat, Linux Powertools 7.1
- SCO, Caldera OpenLinux Server 3.1.1
- SCO, Caldera OpenLinux Workstation 3.1.1
- Sun, JDK
- Sun, JRE
- Sun, OpenWindows 3.6.1
- Sun, OpenWindows 3.6.2
- Sun, SDK
- Sun, Solaris 8
- SuSE, SuSE eMail Server III
- SuSE, SuSE Linux 6.4
- SuSE, SuSE Linux 7.0
- SuSE, SuSE Linux 7.1
- SuSE, SuSE Linux 7.2
- SuSE, SuSE Linux 7.3
- SuSE, SuSE Linux Connectivity Server
- SuSE, SuSE Linux Database Server
- SuSE, SuSE Linux Enterprise Server 7.0
- SuSE, SuSE Linux Firewall
- TightVNC, TightVNC prior to 1.2.3
- Tridia Corporation, TridiaVNC 1.5.4
- Trustix, Secure Linux 1.1
- Trustix, Secure Linux 1.2
- Trustix, Secure Linux 1.5
- VNCThing, VNCThing for Mac OS 8/9/X
Remedy:
Upgrade to the latest version of zlib (1.1.4 or later), available from the gzip Web page. See References.
For Red Hat Linux 6.2:
Upgrade to the latest version of zlib (1.1.3-25.6 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Red Hat Linux Errata Advisory RHSA-2002:026-35. See References.
For Red Hat Linux 7.0, 7.1, and 7.2:
Upgrade to the latest version of zlib (1.1.3-25.7 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Red Hat Linux Errata Advisory RHSA-2002:026-35. See References.
For Red Hat Powertools 6.2, 7.0, and 7.1:
Refer to Red Hat Linux Errata Advisory RHSA-2002:027-22 for upgrade information on programs that are statically linked to zlib or include a private copy of the zlib code. See References.
For Debian Linux 2.2 (potato):
Upgrade to the latest version of zlib (1.1.3-5.1 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in DSA-122-1. See References.
For EnGarde Secure Linux Community Edition:
Upgrade to the latest version of zlib (1.1.3-1.0.4 or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in EnGarde Secure Linux Security Advisory ESA-20020311-008. See References.
For SuSE Linux 6.4 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-575 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.0 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-571 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.1 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-570 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.2 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-573 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.3 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-597 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.0 and 7.1 (Sparc):
Upgrade to the latest version of libz (1.1.3-406 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.3 (Sparc):
Upgrade to the latest version of libz (1.1.3-419 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 6.4 (AXP Alpha):
Upgrade to the latest version of libz (1.1.3-435 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.0 and 7.1 (AXP Alpha):
Upgrade to the latest version of libz (1.1.3-434 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.3 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-432 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 6.4 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-416 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.0 and 7.1 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-417 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For Mandrake Linux 7.1, 7.2, Corporate Server 1.0.1, and Single Network Firewall 7.2:
Upgrade to the latest version of zlib (1.1.3-11.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:022, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in MandrakeSoft Security Advisory MDKSA-2002:023 : zlib-pkgs. See References.
For Mandrake Linux 8.0 and 8.1:
Upgrade to the latest version of zlib (1.1.3-16.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:022, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in MandrakeSoft Security Advisory MDKSA-2002:023 : zlib-pkgs. See References.
For OpenPKG 1.0:
Upgrade to the latest version of zlib (1.1.3-1.0.1 or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in OpenPKG Security Advisory OpenPKG-SA-2002.003. See References.
For Trustix Secure Linux 1.1, 1.2 and 1.5:
Upgrade to the latest version of zlib (1.1.4-1tr or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Trustix Secure Linux Security Advisory #2002-0040. See References.
For FreeBSD 4.5-STABLE and earlier (prior to 2002-02-23):
Upgrade to the the latest version of FreeBSD (4.5-STABLE dated after 2002-02-23), or apply the patch for this vulnerability, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-02:18. See References.
For Cisco Cache Software/ACNS, ME1100, Cisco IDS, Metro 1500 DWDM, and Hosting Solution Engine (HSE):
Refer to Cisco Security Advisory: Vulnerability in the zlib Compression Library for upgrade or patch information. See References.
For TightVNC prior to 1.2.3:
Upgrade to the latest version of TightVNC (1.2.3 or later), available from the TightVNC Web site. See References.
For Conectiva Linux 5.0, prg graficos, and ecommerce:
Upgrade to the latest version of zlib (1.1.3-15U50_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.
For Conectiva Linux 5.1:
Upgrade to the latest version of zlib (1.1.3-15U51_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.
For Conectiva Linux 6.0:
Upgrade to the latest version of zlib (1.1.3-15U60_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.
For Conectiva Linux 7.0:
Upgrade to the latest version of zlib (1.1.3-15U70_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.
For Caldera OpenLinux Server and Workstation 3.1 and 3.1.1:
Upgrade to the latest version of libz (1.1.3-12 or later), and upgrade other programs as needed, that are statically linked to libz or include a private copy of the libz code, as listed in Caldera International, Inc. Security Advisory CSSA-2002-015.1. See References.
For Sun SDK and JRE:
Upgrade to the latest versions of SDK and JRE, as listed in Sun Microsystems, Inc. Security Bulletin #00220. See References.
For Sun Solaris:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 43541 for more information. See References.
Open Windows 3.6.1 (for Solaris 7): 108376-37 or later
Open Windows 3.6.2 (for Solaris 8): 108652-51 or later
Solaris 8: 112611-01 or later
Gnome 2.0 (for Solaris 8): 112611-01 or later
x86:
Open Windows 3.6.1 (for Solaris 7): 108377-33 or later
Open Windows 3.6.2 (for Solaris 8): 108653-41 or later
Solaris 8: 112612-01 or later
Gnome 2.0 (for Solaris 8): 112612-01 or later
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Gain Privileges
References:
- BugTraq Mailing List, 2002-11-18 18:38:18, Re: Multiple vulnerabilities in Macromedia Flash ActiveX at http://marc.theaimsgroup.com/?l=bugtraq&m=103765201002605&w=2.
- BugTraq Mailing List, Mon Mar 11 2002 - 20:36:35 CST, zlibscan : script to find suid binaries possibly affected by zlib vulnerability at http://archives.neohapsis.com/archives/bugtraq/2002-03/0136.html.
- BugTraq Mailing List, Thu Mar 14 2002 - 11:52:13 CST, ZLib double free bug: Windows NT potentially unaffected at http://archives.neohapsis.com/archives/bugtraq/2002-03/0174.html.
- BugTraq Mailing List, Thu Mar 14 2002 - 16:25:26 CST, Re: about zlib vulnerability - Microsoft products at http://archives.neohapsis.com/archives/bugtraq/2002-03/0173.html.
- BugTraq Mailing List, Tue Mar 12 2002 - 03:57:29 CST, exploiting the zlib bug in openssh at http://archives.neohapsis.com/archives/bugtraq/2002-03/0121.html.
- BugTraq Mailing List, Tue Mar 12 2002 - 09:29:25 CST, zlib & java at http://archives.neohapsis.com/archives/bugtraq/2002-03/0119.html.
- BugTraq Mailing List, Tue Mar 12 2002 - 11:12:51 CST, Re: [VulnWatch] exploiting the zlib bug in openssh at http://archives.neohapsis.com/archives/bugtraq/2002-03/0124.html.
- BugTraq Mailing List, Tue Mar 12 2002 - 18:03:13 CST, OpenSSH rebuild warning: problems avoiding zlib problems in Solaris at http://archives.neohapsis.com/archives/bugtraq/2002-03/0138.html.
- BugTraq Mailing List, Wed Mar 13 2002 - 17:46:02 CST, about zlib vulnerability at http://archives.neohapsis.com/archives/bugtraq/2002-03/0170.html.
- Caldera International, Inc. Security Advisory CSSA-2002-015.0, Linux: Double free in zlib (libz) vulnerability at ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-015.0.txt.
- Caldera International, Inc. Security Advisory CSSA-2002-015.1, Linux: REVISED: Double free in zlib (libz) vulnerability at ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt.
- CERT Advisory CA-2002-07, Double Free Bug in zlib Compression Library at http://www.cert.org/advisories/CA-2002-07.html.
- CIAC Information Bulletin M-062, Double Free Bug in zlib Compression Library at http://www.ciac.org/ciac/bulletins/m-062.shtml.
- Cisco Systems Inc. Security Advisory, 2002 April 03 16:00 (UTC +0000), Vulnerability in the zlib Compression Library at http://www.cisco.com/warp/public/707/zlib-double-free.shtml.
- Conectiva Linux Announcement CLSA-2002:469, zlib double free() vulnerability at http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469.
- EnGarde Secure Linux Security Advisory ESA-20020311-008, Double free() in zlib may lead to buffer overflow. at http://www.linuxsecurity.com/content/view/103737/109/.
- FreeBSD Security Advisory FreeBSD-SA-02:18, zlib double-free at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.asc.
- FreeBSD Security Advisory FreeBSD-SA-02:18 v1.2, zlib double-free at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc.
- gzip Web site, zlib Home site at http://www.gzip.org/zlib/.
- NTBugTraq Mailing List, Mon, 18 Nov 2002 20:58:23 +0300, LOM: Multiple vulnerabilities in Macromedia Flash ActiveX at http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0211&L=ntbugtraq&F=P&S=&P=1286.
- Sun Alert ID: 43541, Security issue with zlib (libz(3)) in Solaris and OpenWindows and GNOME at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F43541&zone_32=category%3Asecurity.
- Sun Microsystems, Inc. Security Bulletin #00220, Double Free bug in zlib compression library at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/220&type=0&nav=sec.sba.
- TightVNC Web site, TightVNC: Download Area at http://www.tightvnc.com/download.html.
- Trustix Secure Linux Security Advisory #2002-0040, double free() vulerability at http://www.trustix.net/errata/2002/0040/.
- VNC Security Bulletin 25 March 2002, Zlib double free issue at http://www.evilsecurity.com/vnc/vnc-zlib-advisory-02.htm.
- Zlib Advisory 2002-03-11, zlib Compression Library Corrupts malloc Data Structures via Double Free at http://www.gzip.org/zlib/advisory-2002-03-11.txt.
- BID-4267: ZLib Compression Library Heap Corruption Vulnerability
- CVE-2002-0059: The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a double free), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
- DSA-122: zlib -- malloc error (double free)
- MDKSA-2002:022: Updated zlib packages fix double free vulnerability
- MDKSA-2002:023: Updated zlib-related packages fix double free vulnerability
- MDKSA-2002:023-1: Updated zlib-related packages fix double free vulnerability
- MDKSA-2002:024: Updated rsync packages fix multiple vulnerabilities
- MDKSA-2002:024-1: Updated rsync packages fix multiple vulnerabilities
- OpenPKG-SA-2002.003: zlib
- RHSA-2002-026: Vulnerability in zlib library
- RHSA-2002-027: Vulnerability in zlib library (powertools)
- US-CERT VU#368819: Double Free Bug in zlib Compression Library Corrupts malloc`s Internal Data Structures
Reported:
Mar 11, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net
