ISS X-Force Database: zlib-doublefree-memory-corruption(8427): zlib double free memory corruption

zlib double free memory corruption

zlib-doublefree-memory-corruption (8427)

High Risk

Description:

zlib could allow a remote attacker to cause dynamically allocated memory segments to be released twice. A remote attacker could pass specially-crafted compressed data to a program that is linked to a vulnerable version of zlib to cause the corruption of internal memory segments, which could result in a denial of service against the affected program, memory leaks, or the execution of arbitrary code on the system.

Platforms Affected:

AT&T, VNC Viewer and Server for Apple Newton
AT&T, VNC Viewer for Java
Cisco, Application and Content Networking Software
Cisco, Content Distribution Manager 4630
Cisco, Content Distribution Manager 4650
Cisco, Content Engine 507
Cisco, Content Engine 560
Cisco, Content Engine 590
Cisco, Content Engine 7320
Cisco, Content Router 4430
Cisco, Hosting Solution Engine 1.0
Cisco, Hosting Solution Engine 1.3
Cisco, IDS
Cisco, ME 1100
Cisco, Metro 1500 DWDM
Conectiva, Linux 5.0
Conectiva, Linux 5.1
Conectiva, Linux 6.0
Conectiva, Linux 7.0
Conectiva, Linux ecommerce
Conectiva, Linux prg_graficos
Debian, Debian Linux 2.2
EngardeLinux, Secure Linux
FreeBSD, FreeBSD 4.0
FreeBSD, FreeBSD 4.1
FreeBSD, FreeBSD 4.2
FreeBSD, FreeBSD 4.3
FreeBSD, FreeBSD 4.4
FreeBSD, FreeBSD 4.5
GNOME, GNOME 2.0
GNU, zlib 1.0
GNU, zlib 1.0.1
GNU, zlib 1.0.2
GNU, zlib 1.0.3
GNU, zlib 1.0.4
GNU, zlib 1.0.5
GNU, zlib 1.0.6
GNU, zlib 1.0.7
GNU, zlib 1.0.8
GNU, zlib 1.0.9
GNU, zlib 1.1
GNU, zlib 1.1.1
GNU, zlib 1.1.2
GNU, zlib 1.1.3
MandrakeSoft, Mandrake Linux 7.1
MandrakeSoft, Mandrake Linux 7.2
MandrakeSoft, Mandrake Linux 8.0
MandrakeSoft, Mandrake Linux 8.0 PPC
MandrakeSoft, Mandrake Linux 8.1
MandrakeSoft, Mandrake Linux 8.1 IA64
MandrakeSoft, Mandrake Linux Corporate Server 1.0.1
MandrakeSoft, Mandrake Single Network Firewall 7.2
OpenPKG, OpenPKG 1.0
RedHat, Linux 6.2
RedHat, Linux 7
RedHat, Linux 7.1
RedHat, Linux 7.2
RedHat, Linux 7.3
RedHat, Linux Powertools 6.2
RedHat, Linux Powertools 7.0
RedHat, Linux Powertools 7.1
SCO, Caldera OpenLinux Server 3.1.1
SCO, Caldera OpenLinux Workstation 3.1.1
Sun, JDK
Sun, JRE
Sun, OpenWindows 3.6.1
Sun, OpenWindows 3.6.2
Sun, SDK
Sun, Solaris 8
SuSE, SuSE eMail Server III
SuSE, SuSE Linux 6.4
SuSE, SuSE Linux 7.0
SuSE, SuSE Linux 7.1
SuSE, SuSE Linux 7.2
SuSE, SuSE Linux 7.3
SuSE, SuSE Linux Connectivity Server
SuSE, SuSE Linux Database Server
SuSE, SuSE Linux Enterprise Server 7.0
SuSE, SuSE Linux Firewall
TightVNC, TightVNC prior to 1.2.3
Tridia Corporation, TridiaVNC 1.5.4
Trustix, Secure Linux 1.1
Trustix, Secure Linux 1.2
Trustix, Secure Linux 1.5
VNCThing, VNCThing for Mac OS 8/9/X

Remedy:

Upgrade to the latest version of zlib (1.1.4 or later), available from the gzip Web page. See References.

For Red Hat Linux 6.2:
Upgrade to the latest version of zlib (1.1.3-25.6 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Red Hat Linux Errata Advisory RHSA-2002:026-35. See References.

For Red Hat Linux 7.0, 7.1, and 7.2:
Upgrade to the latest version of zlib (1.1.3-25.7 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Red Hat Linux Errata Advisory RHSA-2002:026-35. See References.

For Red Hat Powertools 6.2, 7.0, and 7.1:
Refer to Red Hat Linux Errata Advisory RHSA-2002:027-22 for upgrade information on programs that are statically linked to zlib or include a private copy of the zlib code. See References.

For Debian Linux 2.2 (potato):
Upgrade to the latest version of zlib (1.1.3-5.1 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in DSA-122-1. See References.

For EnGarde Secure Linux Community Edition:
Upgrade to the latest version of zlib (1.1.3-1.0.4 or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in EnGarde Secure Linux Security Advisory ESA-20020311-008. See References.

For SuSE Linux 6.4 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-575 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.0 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-571 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.1 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-570 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.2 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-573 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.3 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-597 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.0 and 7.1 (Sparc):
Upgrade to the latest version of libz (1.1.3-406 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.3 (Sparc):
Upgrade to the latest version of libz (1.1.3-419 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 6.4 (AXP Alpha):
Upgrade to the latest version of libz (1.1.3-435 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.0 and 7.1 (AXP Alpha):
Upgrade to the latest version of libz (1.1.3-434 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.3 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-432 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 6.4 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-416 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.0 and 7.1 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-417 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For Mandrake Linux 7.1, 7.2, Corporate Server 1.0.1, and Single Network Firewall 7.2:
Upgrade to the latest version of zlib (1.1.3-11.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:022, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in MandrakeSoft Security Advisory MDKSA-2002:023 : zlib-pkgs. See References.

For Mandrake Linux 8.0 and 8.1:
Upgrade to the latest version of zlib (1.1.3-16.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:022, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in MandrakeSoft Security Advisory MDKSA-2002:023 : zlib-pkgs. See References.

For OpenPKG 1.0:
Upgrade to the latest version of zlib (1.1.3-1.0.1 or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in OpenPKG Security Advisory OpenPKG-SA-2002.003. See References.

For Trustix Secure Linux 1.1, 1.2 and 1.5:
Upgrade to the latest version of zlib (1.1.4-1tr or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Trustix Secure Linux Security Advisory #2002-0040. See References.

For FreeBSD 4.5-STABLE and earlier (prior to 2002-02-23):
Upgrade to the the latest version of FreeBSD (4.5-STABLE dated after 2002-02-23), or apply the patch for this vulnerability, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-02:18. See References.

For Cisco Cache Software/ACNS, ME1100, Cisco IDS, Metro 1500 DWDM, and Hosting Solution Engine (HSE):
Refer to Cisco Security Advisory: Vulnerability in the zlib Compression Library for upgrade or patch information. See References.

For TightVNC prior to 1.2.3:
Upgrade to the latest version of TightVNC (1.2.3 or later), available from the TightVNC Web site. See References.

For Conectiva Linux 5.0, prg graficos, and ecommerce:
Upgrade to the latest version of zlib (1.1.3-15U50_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.

For Conectiva Linux 5.1:
Upgrade to the latest version of zlib (1.1.3-15U51_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.

For Conectiva Linux 6.0:
Upgrade to the latest version of zlib (1.1.3-15U60_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.

For Conectiva Linux 7.0:
Upgrade to the latest version of zlib (1.1.3-15U70_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.

For Caldera OpenLinux Server and Workstation 3.1 and 3.1.1:
Upgrade to the latest version of libz (1.1.3-12 or later), and upgrade other programs as needed, that are statically linked to libz or include a private copy of the libz code, as listed in Caldera International, Inc. Security Advisory CSSA-2002-015.1. See References.

For Sun SDK and JRE:
Upgrade to the latest versions of SDK and JRE, as listed in Sun Microsystems, Inc. Security Bulletin #00220. See References.

For Sun Solaris:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 43541 for more information. See References.

SPARC:
Open Windows 3.6.1 (for Solaris 7): 108376-37 or later
Open Windows 3.6.2 (for Solaris 8): 108652-51 or later
Solaris 8: 112611-01 or later
Gnome 2.0 (for Solaris 8): 112611-01 or later

x86:
Open Windows 3.6.1 (for Solaris 7): 108377-33 or later
Open Windows 3.6.2 (for Solaris 8): 108653-41 or later
Solaris 8: 112612-01 or later
Gnome 2.0 (for Solaris 8): 112612-01 or later

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

BugTraq Mailing List, 2002-11-18 18:38:18, Re: Multiple vulnerabilities in Macromedia Flash ActiveX at http://marc.theaimsgroup.com/?l=bugtraq&m=103765201002605&w=2.
BugTraq Mailing List, Mon Mar 11 2002 - 20:36:35 CST, zlibscan : script to find suid binaries possibly affected by zlib vulnerability at http://archives.neohapsis.com/archives/bugtraq/2002-03/0136.html.
BugTraq Mailing List, Thu Mar 14 2002 - 11:52:13 CST, ZLib double free bug: Windows NT potentially unaffected at http://archives.neohapsis.com/archives/bugtraq/2002-03/0174.html.
BugTraq Mailing List, Thu Mar 14 2002 - 16:25:26 CST, Re: about zlib vulnerability - Microsoft products at http://archives.neohapsis.com/archives/bugtraq/2002-03/0173.html.
BugTraq Mailing List, Tue Mar 12 2002 - 03:57:29 CST, exploiting the zlib bug in openssh at http://archives.neohapsis.com/archives/bugtraq/2002-03/0121.html.
BugTraq Mailing List, Tue Mar 12 2002 - 09:29:25 CST, zlib & java at http://archives.neohapsis.com/archives/bugtraq/2002-03/0119.html.
BugTraq Mailing List, Tue Mar 12 2002 - 11:12:51 CST, Re: [VulnWatch] exploiting the zlib bug in openssh at http://archives.neohapsis.com/archives/bugtraq/2002-03/0124.html.
BugTraq Mailing List, Tue Mar 12 2002 - 18:03:13 CST, OpenSSH rebuild warning: problems avoiding zlib problems in Solaris at http://archives.neohapsis.com/archives/bugtraq/2002-03/0138.html.
BugTraq Mailing List, Wed Mar 13 2002 - 17:46:02 CST, about zlib vulnerability at http://archives.neohapsis.com/archives/bugtraq/2002-03/0170.html.
Caldera International, Inc. Security Advisory CSSA-2002-015.0, Linux: Double free in zlib (libz) vulnerability at ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-015.0.txt.
Caldera International, Inc. Security Advisory CSSA-2002-015.1, Linux: REVISED: Double free in zlib (libz) vulnerability at ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt.
CERT Advisory CA-2002-07, Double Free Bug in zlib Compression Library at http://www.cert.org/advisories/CA-2002-07.html.
CIAC Information Bulletin M-062, Double Free Bug in zlib Compression Library at http://www.ciac.org/ciac/bulletins/m-062.shtml.
Cisco Systems Inc. Security Advisory, 2002 April 03 16:00 (UTC +0000), Vulnerability in the zlib Compression Library at http://www.cisco.com/warp/public/707/zlib-double-free.shtml.
Conectiva Linux Announcement CLSA-2002:469, zlib double free() vulnerability at http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469.
EnGarde Secure Linux Security Advisory ESA-20020311-008, Double free() in zlib may lead to buffer overflow. at http://www.linuxsecurity.com/content/view/103737/109/.
FreeBSD Security Advisory FreeBSD-SA-02:18, zlib double-free at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.asc.
FreeBSD Security Advisory FreeBSD-SA-02:18 v1.2, zlib double-free at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc.
gzip Web site, zlib Home site at http://www.gzip.org/zlib/.
NTBugTraq Mailing List, Mon, 18 Nov 2002 20:58:23 +0300, LOM: Multiple vulnerabilities in Macromedia Flash ActiveX at http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0211&L=ntbugtraq&F=P&S=&P=1286.
Sun Alert ID: 43541, Security issue with zlib (libz(3)) in Solaris and OpenWindows and GNOME at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F43541&zone_32=category%3Asecurity.
Sun Microsystems, Inc. Security Bulletin #00220, Double Free bug in zlib compression library at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/220&type=0&nav=sec.sba.
TightVNC Web site, TightVNC: Download Area at http://www.tightvnc.com/download.html.
Trustix Secure Linux Security Advisory #2002-0040, double free() vulerability at http://www.trustix.net/errata/2002/0040/.
VNC Security Bulletin 25 March 2002, Zlib double free issue at http://www.evilsecurity.com/vnc/vnc-zlib-advisory-02.htm.
Zlib Advisory 2002-03-11, zlib Compression Library Corrupts malloc Data Structures via Double Free at http://www.gzip.org/zlib/advisory-2002-03-11.txt.
BID-4267: ZLib Compression Library Heap Corruption Vulnerability
CVE-2002-0059: The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a double free), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
DSA-122: zlib -- malloc error (double free)
MDKSA-2002:022: Updated zlib packages fix double free vulnerability
MDKSA-2002:023: Updated zlib-related packages fix double free vulnerability
MDKSA-2002:023-1: Updated zlib-related packages fix double free vulnerability
MDKSA-2002:024: Updated rsync packages fix multiple vulnerabilities
MDKSA-2002:024-1: Updated rsync packages fix multiple vulnerabilities
OpenPKG-SA-2002.003: zlib
RHSA-2002-026: Vulnerability in zlib library
RHSA-2002-027: Vulnerability in zlib library (powertools)
US-CERT VU#368819: Double Free Bug in zlib Compression Library Corrupts malloc`s Internal Data Structures

Reported:

Mar 11, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page