ISS X-Force Database: zlib-doublefree-memory-corruption(8427): zlib double free memory corruption

zlib double free memory corruption

zlib-doublefree-memory-corruption (8427)

High Risk

Description:

zlib could allow a remote attacker to cause dynamically allocated memory segments to be released twice. A remote attacker could pass specially-crafted compressed data to a program that is linked to a vulnerable version of zlib to cause the corruption of internal memory segments, which could result in a denial of service against the affected program, memory leaks, or the execution of arbitrary code on the system.

Consequences:

Gain Privileges

Remedy:

Upgrade to the latest version of zlib (1.1.4 or later), available from the gzip Web page. See References.

For Red Hat Linux 6.2:
Upgrade to the latest version of zlib (1.1.3-25.6 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Red Hat Linux Errata Advisory RHSA-2002:026-35. See References.

For Red Hat Linux 7.0, 7.1, and 7.2:
Upgrade to the latest version of zlib (1.1.3-25.7 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Red Hat Linux Errata Advisory RHSA-2002:026-35. See References.

For Red Hat Powertools 6.2, 7.0, and 7.1:
Refer to Red Hat Linux Errata Advisory RHSA-2002:027-22 for upgrade information on programs that are statically linked to zlib or include a private copy of the zlib code. See References.

For Debian Linux 2.2 (potato):
Upgrade to the latest version of zlib (1.1.3-5.1 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in DSA-122-1. See References.

For EnGarde Secure Linux Community Edition:
Upgrade to the latest version of zlib (1.1.3-1.0.4 or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in EnGarde Secure Linux Security Advisory ESA-20020311-008. See References.

For SuSE Linux 6.4 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-575 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.0 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-571 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.1 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-570 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.2 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-573 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.3 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-597 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.0 and 7.1 (Sparc):
Upgrade to the latest version of libz (1.1.3-406 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.3 (Sparc):
Upgrade to the latest version of libz (1.1.3-419 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 6.4 (AXP Alpha):
Upgrade to the latest version of libz (1.1.3-435 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.0 and 7.1 (AXP Alpha):
Upgrade to the latest version of libz (1.1.3-434 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.3 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-432 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 6.4 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-416 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For SuSE Linux 7.0 and 7.1 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-417 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.

For Mandrake Linux 7.1, 7.2, Corporate Server 1.0.1, and Single Network Firewall 7.2:
Upgrade to the latest version of zlib (1.1.3-11.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:022, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in MandrakeSoft Security Advisory MDKSA-2002:023 : zlib-pkgs. See References.

For Mandrake Linux 8.0 and 8.1:
Upgrade to the latest version of zlib (1.1.3-16.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:022, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in MandrakeSoft Security Advisory MDKSA-2002:023 : zlib-pkgs. See References.

For OpenPKG 1.0:
Upgrade to the latest version of zlib (1.1.3-1.0.1 or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in OpenPKG Security Advisory OpenPKG-SA-2002.003. See References.

For Trustix Secure Linux 1.1, 1.2 and 1.5:
Upgrade to the latest version of zlib (1.1.4-1tr or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Trustix Secure Linux Security Advisory #2002-0040. See References.

For FreeBSD 4.5-STABLE and earlier (prior to 2002-02-23):
Upgrade to the the latest version of FreeBSD (4.5-STABLE dated after 2002-02-23), or apply the patch for this vulnerability, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-02:18. See References.

For Cisco Cache Software/ACNS, ME1100, Cisco IDS, Metro 1500 DWDM, and Hosting Solution Engine (HSE):
Refer to Cisco Security Advisory: Vulnerability in the zlib Compression Library for upgrade or patch information. See References.

For TightVNC prior to 1.2.3:
Upgrade to the latest version of TightVNC (1.2.3 or later), available from the TightVNC Web site. See References.

For Conectiva Linux 5.0, prg graficos, and ecommerce:
Upgrade to the latest version of zlib (1.1.3-15U50_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.

For Conectiva Linux 5.1:
Upgrade to the latest version of zlib (1.1.3-15U51_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.

For Conectiva Linux 6.0:
Upgrade to the latest version of zlib (1.1.3-15U60_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.

For Conectiva Linux 7.0:
Upgrade to the latest version of zlib (1.1.3-15U70_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.

For Caldera OpenLinux Server and Workstation 3.1 and 3.1.1:
Upgrade to the latest version of libz (1.1.3-12 or later), and upgrade other programs as needed, that are statically linked to libz or include a private copy of the libz code, as listed in Caldera International, Inc. Security Advisory CSSA-2002-015.1. See References.

For Sun SDK and JRE:
Upgrade to the latest versions of SDK and JRE, as listed in Sun Microsystems, Inc. Security Bulletin #00220. See References.

For Sun Solaris:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 43541 for more information. See References.

SPARC:
Open Windows 3.6.1 (for Solaris 7): 108376-37 or later
Open Windows 3.6.2 (for Solaris 8): 108652-51 or later
Solaris 8: 112611-01 or later
Gnome 2.0 (for Solaris 8): 112611-01 or later

x86:
Open Windows 3.6.1 (for Solaris 7): 108377-33 or later
Open Windows 3.6.2 (for Solaris 8): 108653-41 or later
Solaris 8: 112612-01 or later
Gnome 2.0 (for Solaris 8): 112612-01 or later

For other distributions:
Contact your vendor for upgrade or patch information.

References:

BugTraq Mailing List, 2002-11-18 18:38:18: Re: Multiple vulnerabilities in Macromedia Flash ActiveX.
BugTraq Mailing List, Mon Mar 11 2002 - 20:36:35 CST: zlibscan : script to find suid binaries possibly affected by zlib vulnerability.
BugTraq Mailing List, Thu Mar 14 2002 - 11:52:13 CST: ZLib double free bug: Windows NT potentially unaffected.
BugTraq Mailing List, Thu Mar 14 2002 - 16:25:26 CST: Re: about zlib vulnerability - Microsoft products.
BugTraq Mailing List, Tue Mar 12 2002 - 03:57:29 CST: exploiting the zlib bug in openssh.
BugTraq Mailing List, Tue Mar 12 2002 - 09:29:25 CST: zlib & java.
BugTraq Mailing List, Tue Mar 12 2002 - 11:12:51 CST: Re: [VulnWatch] exploiting the zlib bug in openssh.
BugTraq Mailing List, Tue Mar 12 2002 - 18:03:13 CST: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris.
BugTraq Mailing List, Wed Mar 13 2002 - 17:46:02 CST: about zlib vulnerability.
Caldera International, Inc. Security Advisory CSSA-2002-015.0: Linux: Double free in zlib (libz) vulnerability.
Caldera International, Inc. Security Advisory CSSA-2002-015.1: Linux: REVISED: Double free in zlib (libz) vulnerability.
CERT Advisory CA-2002-07: Double Free Bug in zlib Compression Library.
CIAC Information Bulletin M-062: Double Free Bug in zlib Compression Library.
Cisco Systems Inc. Security Advisory, 2002 April 03 16:00 (UTC +0000): Vulnerability in the zlib Compression Library.
Conectiva Linux Announcement CLSA-2002:469: zlib double free() vulnerability.
EnGarde Secure Linux Security Advisory ESA-20020311-008: Double free() in zlib may lead to buffer overflow..
FreeBSD Security Advisory FreeBSD-SA-02:18: zlib double-free.
FreeBSD Security Advisory FreeBSD-SA-02:18 v1.2: zlib double-free.
gzip Web site: zlib Home site.
NTBugTraq Mailing List, Mon, 18 Nov 2002 20:58:23 +0300: LOM: Multiple vulnerabilities in Macromedia Flash ActiveX.
Sun Alert ID: 43541: Security issue with zlib (libz(3)) in Solaris and OpenWindows and GNOME.
Sun Microsystems, Inc. Security Bulletin #00220: Double Free bug in zlib compression library.
TightVNC Web site: TightVNC: Download Area.
Trustix Secure Linux Security Advisory #2002-0040: double free() vulerability.
VNC Security Bulletin 25 March 2002: Zlib double free issue.
Zlib Advisory 2002-03-11: zlib Compression Library Corrupts malloc Data Structures via Double Free.
BID-4267: ZLib Compression Library Heap Corruption Vulnerability
CVE-2002-0059: The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a double free), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
DSA-122: zlib -- malloc error (double free)
MDKSA-2002:022: Updated zlib packages fix double free vulnerability
MDKSA-2002:023: Updated zlib-related packages fix double free vulnerability
MDKSA-2002:023-1: Updated zlib-related packages fix double free vulnerability
MDKSA-2002:024: Updated rsync packages fix multiple vulnerabilities
MDKSA-2002:024-1: Updated rsync packages fix multiple vulnerabilities
OpenPKG-SA-2002.003: zlib
RHSA-2002-026: Vulnerability in zlib library
RHSA-2002-027: Vulnerability in zlib library (powertools)
US-CERT VU#368819: Double Free Bug in zlib Compression Library Corrupts malloc`s Internal Data Structures

Platforms Affected:

AT&T VNC Viewer and Server for Apple Newton
AT&T VNC Viewer for Java
Cisco Application and Content Networking Software
Cisco Content Distribution Manager 4630
Cisco Content Distribution Manager 4650
Cisco Content Engine 507
Cisco Content Engine 560
Cisco Content Engine 590
Cisco Content Engine 7320
Cisco Content Router 4430
Cisco Hosting Solution Engine 1.0
Cisco Hosting Solution Engine 1.3
Cisco IDS
Cisco ME 1100
Cisco Metro 1500 DWDM
Conectiva Linux 5.0
Conectiva Linux 5.1
Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux ecommerce
Conectiva Linux prg_graficos
Debian Debian Linux 2.2
EngardeLinux Secure Linux
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.5
GNOME GNOME 2.0
GNU zlib 1.0
GNU zlib 1.0.1
GNU zlib 1.0.2
GNU zlib 1.0.3
GNU zlib 1.0.4
GNU zlib 1.0.5
GNU zlib 1.0.6
GNU zlib 1.0.7
GNU zlib 1.0.8
GNU zlib 1.0.9
GNU zlib 1.1
GNU zlib 1.1.1
GNU zlib 1.1.2
GNU zlib 1.1.3
MandrakeSoft Mandrake Linux 7.1
MandrakeSoft Mandrake Linux 7.2
MandrakeSoft Mandrake Linux 8.0 PPC
MandrakeSoft Mandrake Linux 8.0
MandrakeSoft Mandrake Linux 8.1 IA64
MandrakeSoft Mandrake Linux 8.1
MandrakeSoft Mandrake Linux Corporate Server 1.0.1
MandrakeSoft Mandrake Single Network Firewall 7.2
Novell SuSE Linux Enterprise Server 7.0
OpenPKG OpenPKG 1.0
RedHat Linux 6.2
RedHat Linux 7
RedHat Linux 7.1
RedHat Linux 7.2
RedHat Linux 7.3
RedHat Linux Powertools 6.2
RedHat Linux Powertools 7.0
RedHat Linux Powertools 7.1
SCO Caldera OpenLinux Server 3.1.1
SCO Caldera OpenLinux Workstation 3.1.1
Sun JDK
Sun JRE
Sun OpenWindows 3.6.1
Sun OpenWindows 3.6.2
Sun SDK
Sun Solaris 8
SuSE SuSE eMail Server III
SUSE SuSE Linux 6.4
SUSE SuSE Linux 7.0
SUSE SuSE Linux 7.1
SUSE SuSE Linux 7.2
SUSE SuSE Linux 7.3
SuSE SuSE Linux Connectivity Server
SuSE SuSE Linux Database Server
SuSE SuSE Linux Firewall
TightVNC TightVNC prior to 1.2.3
Tridia Corporation TridiaVNC 1.5.4
Trustix Secure Linux 1.1
Trustix Secure Linux 1.2
Trustix Secure Linux 1.5
VNCThing VNCThing for Mac OS 8/9/X

Reported:

Mar 11, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page