zlib double free memory corruption
| zlib-doublefree-memory-corruption (8427) |
Description:
zlib could allow a remote attacker to cause dynamically allocated memory segments to be released twice. A remote attacker could pass specially-crafted compressed data to a program that is linked to a vulnerable version of zlib to cause the corruption of internal memory segments, which could result in a denial of service against the affected program, memory leaks, or the execution of arbitrary code on the system.
Consequences:
Gain Privileges
Remedy:
Upgrade to the latest version of zlib (1.1.4 or later), available from the gzip Web page. See References.
For Red Hat Linux 6.2:
Upgrade to the latest version of zlib (1.1.3-25.6 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Red Hat Linux Errata Advisory RHSA-2002:026-35. See References.
For Red Hat Linux 7.0, 7.1, and 7.2:
Upgrade to the latest version of zlib (1.1.3-25.7 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Red Hat Linux Errata Advisory RHSA-2002:026-35. See References.
For Red Hat Powertools 6.2, 7.0, and 7.1:
Refer to Red Hat Linux Errata Advisory RHSA-2002:027-22 for upgrade information on programs that are statically linked to zlib or include a private copy of the zlib code. See References.
For Debian Linux 2.2 (potato):
Upgrade to the latest version of zlib (1.1.3-5.1 or later) and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in DSA-122-1. See References.
For EnGarde Secure Linux Community Edition:
Upgrade to the latest version of zlib (1.1.3-1.0.4 or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in EnGarde Secure Linux Security Advisory ESA-20020311-008. See References.
For SuSE Linux 6.4 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-575 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.0 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-571 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.1 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-570 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.2 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-573 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.3 (i386 Intel):
Upgrade to the latest version of libz (1.1.3-597 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.0 and 7.1 (Sparc):
Upgrade to the latest version of libz (1.1.3-406 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.3 (Sparc):
Upgrade to the latest version of libz (1.1.3-419 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 6.4 (AXP Alpha):
Upgrade to the latest version of libz (1.1.3-435 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.0 and 7.1 (AXP Alpha):
Upgrade to the latest version of libz (1.1.3-434 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.3 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-432 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 6.4 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-416 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For SuSE Linux 7.0 and 7.1 (PPC Power PC):
Upgrade to the latest version of libz (1.1.3-417 or later), as listed in SuSE Security Announcement SuSE-SA:2002:010, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in SuSE Security Announcement SuSE-SA:2002:011. See References.
For Mandrake Linux 7.1, 7.2, Corporate Server 1.0.1, and Single Network Firewall 7.2:
Upgrade to the latest version of zlib (1.1.3-11.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:022, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in MandrakeSoft Security Advisory MDKSA-2002:023 : zlib-pkgs. See References.
For Mandrake Linux 8.0 and 8.1:
Upgrade to the latest version of zlib (1.1.3-16.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:022, and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in MandrakeSoft Security Advisory MDKSA-2002:023 : zlib-pkgs. See References.
For OpenPKG 1.0:
Upgrade to the latest version of zlib (1.1.3-1.0.1 or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in OpenPKG Security Advisory OpenPKG-SA-2002.003. See References.
For Trustix Secure Linux 1.1, 1.2 and 1.5:
Upgrade to the latest version of zlib (1.1.4-1tr or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Trustix Secure Linux Security Advisory #2002-0040. See References.
For FreeBSD 4.5-STABLE and earlier (prior to 2002-02-23):
Upgrade to the the latest version of FreeBSD (4.5-STABLE dated after 2002-02-23), or apply the patch for this vulnerability, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-02:18. See References.
For Cisco Cache Software/ACNS, ME1100, Cisco IDS, Metro 1500 DWDM, and Hosting Solution Engine (HSE):
Refer to Cisco Security Advisory: Vulnerability in the zlib Compression Library for upgrade or patch information. See References.
For TightVNC prior to 1.2.3:
Upgrade to the latest version of TightVNC (1.2.3 or later), available from the TightVNC Web site. See References.
For Conectiva Linux 5.0, prg graficos, and ecommerce:
Upgrade to the latest version of zlib (1.1.3-15U50_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.
For Conectiva Linux 5.1:
Upgrade to the latest version of zlib (1.1.3-15U51_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.
For Conectiva Linux 6.0:
Upgrade to the latest version of zlib (1.1.3-15U60_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.
For Conectiva Linux 7.0:
Upgrade to the latest version of zlib (1.1.3-15U70_1cl or later), and upgrade other programs as needed, that are statically linked to zlib or include a private copy of the zlib code, as listed in Conectiva Linux Announcement CLSA-2002:469. See References.
For Caldera OpenLinux Server and Workstation 3.1 and 3.1.1:
Upgrade to the latest version of libz (1.1.3-12 or later), and upgrade other programs as needed, that are statically linked to libz or include a private copy of the libz code, as listed in Caldera International, Inc. Security Advisory CSSA-2002-015.1. See References.
For Sun SDK and JRE:
Upgrade to the latest versions of SDK and JRE, as listed in Sun Microsystems, Inc. Security Bulletin #00220. See References.
For Sun Solaris:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 43541 for more information. See References.
Open Windows 3.6.1 (for Solaris 7): 108376-37 or later
Open Windows 3.6.2 (for Solaris 8): 108652-51 or later
Solaris 8: 112611-01 or later
Gnome 2.0 (for Solaris 8): 112611-01 or later
x86:
Open Windows 3.6.1 (for Solaris 7): 108377-33 or later
Open Windows 3.6.2 (for Solaris 8): 108653-41 or later
Solaris 8: 112612-01 or later
Gnome 2.0 (for Solaris 8): 112612-01 or later
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, 2002-11-18 18:38:18: Re: Multiple vulnerabilities in Macromedia Flash ActiveX.
- BugTraq Mailing List, Mon Mar 11 2002 - 20:36:35 CST: zlibscan : script to find suid binaries possibly affected by zlib vulnerability.
- BugTraq Mailing List, Thu Mar 14 2002 - 11:52:13 CST: ZLib double free bug: Windows NT potentially unaffected.
- BugTraq Mailing List, Thu Mar 14 2002 - 16:25:26 CST: Re: about zlib vulnerability - Microsoft products.
- BugTraq Mailing List, Tue Mar 12 2002 - 03:57:29 CST: exploiting the zlib bug in openssh.
- BugTraq Mailing List, Tue Mar 12 2002 - 09:29:25 CST: zlib & java.
- BugTraq Mailing List, Tue Mar 12 2002 - 11:12:51 CST: Re: [VulnWatch] exploiting the zlib bug in openssh.
- BugTraq Mailing List, Tue Mar 12 2002 - 18:03:13 CST: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris.
- BugTraq Mailing List, Wed Mar 13 2002 - 17:46:02 CST: about zlib vulnerability.
- Caldera International, Inc. Security Advisory CSSA-2002-015.0: Linux: Double free in zlib (libz) vulnerability.
- Caldera International, Inc. Security Advisory CSSA-2002-015.1: Linux: REVISED: Double free in zlib (libz) vulnerability.
- CERT Advisory CA-2002-07: Double Free Bug in zlib Compression Library.
- CIAC Information Bulletin M-062: Double Free Bug in zlib Compression Library.
- Cisco Systems Inc. Security Advisory, 2002 April 03 16:00 (UTC +0000): Vulnerability in the zlib Compression Library.
- Conectiva Linux Announcement CLSA-2002:469: zlib double free() vulnerability.
- EnGarde Secure Linux Security Advisory ESA-20020311-008: Double free() in zlib may lead to buffer overflow..
- FreeBSD Security Advisory FreeBSD-SA-02:18: zlib double-free.
- FreeBSD Security Advisory FreeBSD-SA-02:18 v1.2: zlib double-free.
- gzip Web site: zlib Home site.
- NTBugTraq Mailing List, Mon, 18 Nov 2002 20:58:23 +0300: LOM: Multiple vulnerabilities in Macromedia Flash ActiveX.
- Sun Alert ID: 43541: Security issue with zlib (libz(3)) in Solaris and OpenWindows and GNOME.
- Sun Microsystems, Inc. Security Bulletin #00220: Double Free bug in zlib compression library.
- TightVNC Web site: TightVNC: Download Area.
- Trustix Secure Linux Security Advisory #2002-0040: double free() vulerability.
- VNC Security Bulletin 25 March 2002: Zlib double free issue.
- Zlib Advisory 2002-03-11: zlib Compression Library Corrupts malloc Data Structures via Double Free.
- BID-4267: ZLib Compression Library Heap Corruption Vulnerability
- CVE-2002-0059: The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a double free), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
- DSA-122: zlib -- malloc error (double free)
- MDKSA-2002:022: Updated zlib packages fix double free vulnerability
- MDKSA-2002:023: Updated zlib-related packages fix double free vulnerability
- MDKSA-2002:023-1: Updated zlib-related packages fix double free vulnerability
- MDKSA-2002:024: Updated rsync packages fix multiple vulnerabilities
- MDKSA-2002:024-1: Updated rsync packages fix multiple vulnerabilities
- OpenPKG-SA-2002.003: zlib
- RHSA-2002-026: Vulnerability in zlib library
- RHSA-2002-027: Vulnerability in zlib library (powertools)
- US-CERT VU#368819: Double Free Bug in zlib Compression Library Corrupts malloc`s Internal Data Structures
Platforms Affected:
- AT&T VNC Viewer and Server for Apple Newton
- AT&T VNC Viewer for Java
- Cisco Application and Content Networking Software
- Cisco Content Distribution Manager 4630
- Cisco Content Distribution Manager 4650
- Cisco Content Engine 507
- Cisco Content Engine 560
- Cisco Content Engine 590
- Cisco Content Engine 7320
- Cisco Content Router 4430
- Cisco Hosting Solution Engine 1.0
- Cisco Hosting Solution Engine 1.3
- Cisco IDS
- Cisco ME 1100
- Cisco Metro 1500 DWDM
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- Conectiva Linux 6.0
- Conectiva Linux 7.0
- Conectiva Linux ecommerce
- Conectiva Linux prg_graficos
- Debian Debian Linux 2.2
- EngardeLinux Secure Linux
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 4.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.5
- GNOME GNOME 2.0
- GNU zlib 1.0
- GNU zlib 1.0.1
- GNU zlib 1.0.2
- GNU zlib 1.0.3
- GNU zlib 1.0.4
- GNU zlib 1.0.5
- GNU zlib 1.0.6
- GNU zlib 1.0.7
- GNU zlib 1.0.8
- GNU zlib 1.0.9
- GNU zlib 1.1
- GNU zlib 1.1.1
- GNU zlib 1.1.2
- GNU zlib 1.1.3
- MandrakeSoft Mandrake Linux 7.1
- MandrakeSoft Mandrake Linux 7.2
- MandrakeSoft Mandrake Linux 8.0 PPC
- MandrakeSoft Mandrake Linux 8.0
- MandrakeSoft Mandrake Linux 8.1 IA64
- MandrakeSoft Mandrake Linux 8.1
- MandrakeSoft Mandrake Linux Corporate Server 1.0.1
- MandrakeSoft Mandrake Single Network Firewall 7.2
- Novell SuSE Linux Enterprise Server 7.0
- OpenPKG OpenPKG 1.0
- RedHat Linux 6.2
- RedHat Linux 7
- RedHat Linux 7.1
- RedHat Linux 7.2
- RedHat Linux 7.3
- RedHat Linux Powertools 6.2
- RedHat Linux Powertools 7.0
- RedHat Linux Powertools 7.1
- SCO Caldera OpenLinux Server 3.1.1
- SCO Caldera OpenLinux Workstation 3.1.1
- Sun JDK
- Sun JRE
- Sun OpenWindows 3.6.1
- Sun OpenWindows 3.6.2
- Sun SDK
- Sun Solaris 8
- SuSE SuSE eMail Server III
- SUSE SuSE Linux 6.4
- SUSE SuSE Linux 7.0
- SUSE SuSE Linux 7.1
- SUSE SuSE Linux 7.2
- SUSE SuSE Linux 7.3
- SuSE SuSE Linux Connectivity Server
- SuSE SuSE Linux Database Server
- SuSE SuSE Linux Firewall
- TightVNC TightVNC prior to 1.2.3
- Tridia Corporation TridiaVNC 1.5.4
- Trustix Secure Linux 1.1
- Trustix Secure Linux 1.2
- Trustix Secure Linux 1.5
- VNCThing VNCThing for Mac OS 8/9/X
Reported:
Mar 11, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
