Zlib compression library double free bug could allow arbitrary code
Risk
High
Date Discovered
03-11-2002
Description
There is a programming error in the zlib compression library used by
many versions of software. Under the proper circumstances an attacker
may be able to manipulate a system call in such a manner as to create a
denial of service condition or potentially allow arbitrary code to be
run on the targeted system. Such code would run with the permissions of
the affected program, which may include root.
The zlib compression library is an open-source lossless data-compression
library that can be used on virtually any computer hardware and operating system
to provide in-memory compression and decompression functions. zlib has been
ported and modified to work on a wide variety of operating systems and
applications.
A bug in the zlib compression library has been published and widely
discussed that can leave programs linked against zlib vulnerable. Under certain
circumstances a segment of dynamically allocated memory may be de-allocated
(freed) twice: a specially crafted segment of compressed data can cause
an allocated chunk of memory that is freed by a system call to return an
unexpected memory error, after which a subsequent system call attempts to
free the same chunk of memory a second time. In most instances this will
result in a denial of service when the application crashes. However, there
is a potential that an attacker could manipulate this vulnerability to
run arbitrary code with the permissions of the affected application. If the
application runs with privileged access, this could result in a critical
compromise of the targeted system.
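The double free described above, modelled as an added example that is not zlib's code and not part of the original advisory: a constructed decoder frees its table buffer on the error path and again on reset, a hypothetical free-tracking shim (standing in for a sanitizer) reports the second release instead of crashing, and the hardened variant clears the pointer after the first free. The decoder, the shim and the crafted input bytes are all assumptions.

```c
#include <stdlib.h>

/* Constructed model (not zlib's source) of the failure described above: a decoder
 * state owns one heap buffer, the error path frees it, and reset frees it again. */
typedef struct { unsigned char *lens; int bad; } decoder_state;

/* Hypothetical single-slot free tracker standing in for a tool such as ASan: it
 * remembers the one live buffer and counts a second release instead of calling free(). */
static void *live_ptr; static int is_live, double_frees;
static void *tracked_malloc(size_t n) { live_ptr = malloc(n); is_live = 1; return live_ptr; }
static void tracked_free(void *p) {
    if (p == NULL) return;
    if (p == live_ptr && !is_live) { double_frees++; return; }  /* second free caught */
    if (p == live_ptr) is_live = 0;
    free(p);
}
/* Table builder: a declared count larger than the 19-entry buffer plays the role
 * of the specially crafted compressed data that forces the error path. */
static int build_tables(unsigned char *lens, const unsigned char *in, size_t n) {
    if (n < 1 || in[0] > 19) return -1;
    for (size_t i = 0; i < in[0] && i + 1 < n; i++) lens[i] = in[i + 1];
    return 0;
}
/* Vulnerable shape: the error path frees the buffer but leaves the dangling
 * pointer in the state, so reset frees the same chunk again. */
static int decode_vuln(decoder_state *s, const unsigned char *in, size_t n) {
    s->lens = tracked_malloc(19);
    if (build_tables(s->lens, in, n) == 0) return 0;
    tracked_free(s->lens); s->bad = 1; return -1;
}
static void reset_vuln(decoder_state *s) { tracked_free(s->lens); }
/* Hardened shape: the pointer is cleared as soon as the chunk is freed, so
 * reset only releases what is still live. */
static int decode_fixed(decoder_state *s, const unsigned char *in, size_t n) {
    s->lens = tracked_malloc(19);
    if (build_tables(s->lens, in, n) == 0) return 0;
    tracked_free(s->lens); s->lens = NULL; s->bad = 1; return -1;
}
static void reset_fixed(decoder_state *s) { tracked_free(s->lens); s->lens = NULL; }
/* Runs the crafted stream through one variant and returns how many double frees
 * the tracker caught, or -1 if the input was not rejected as expected. */
int simulate(int hardened) {
    static const unsigned char crafted[] = { 200, 1, 2, 3 };  /* constructed: count 200 > 19 */
    decoder_state s = { NULL, 0 };
    live_ptr = NULL; is_live = 0; double_frees = 0;
    int rc = hardened ? decode_fixed(&s, crafted, sizeof crafted) : decode_vuln(&s, crafted, sizeof crafted);
    if (rc != -1 || !s.bad) return -1;
    if (hardened) reset_fixed(&s); else reset_vuln(&s);
    return double_frees;  /* 1 for the vulnerable shape, 0 for the hardened one */
}
```

Without the tracking shim the vulnerable path is the crash (or worse) the advisory describes, which is why a sanitizer or fuzzing run over the decoder's error paths is the practical check.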
This vulnerability potentially affects a multitude of operating systems and
applications that either contain the zlib code or dynamically link to the
zlib library.
Not all affected applications have been found and patched yet.
There is a partial list of over 500 known zlib applications located at http://www.gzip.org/zlib/apps.html.
If you do not know or if you suspect you may be using a vulnerable version of
zlib, Symantec recommends contacting your vendor for update information.
Platforms Affected
Multiple
Components Affected
Freeware zlib compression library prior to 1.1.4
Recommendations
Patches
Freeware zlib compression library Patch: RedHat patches for zlib
http://www.redhat.com/support/errata/RHSA-2002-026.html
RedHat Security Advisory RHSA-2002-026. The rpm(s)
update the zlib compression library containing the
double free bug vulnerability. Most packages in RedHat
Linux use the shared zlib library and can be protected
against the vulnerability by updating to the errata zlib
package. However, RedHat has identified a number of
packages in RedHat Linux that either statically link
to zlib or contain an internal version of zlib code.
Please refer to the appropriate RedHat errata advisory
for additional information on affected packages. Download
the rpm version appropriate for your version of RedHat
Linux. This upgrade addresses the double free
vulnerability that exists in all versions of zlib
prior to 1.1.4.
Freeware zlib compression library Patch: S.u.S.E. patches for zlib
http://www.suse.de/de/support/security/2002_011_libz_packages_txt.html
S.u.S.E. Security Announcement SuSE-SA:2002:011.
Download the update package for your distribution
and verify it. Then install the package using the command
"rpm -Fhv file.rpm" to apply the update.
Freeware zlib compression library Patch: Mandrake patches for zlib
MandrakeSoft Security Advisory MDKSA-2002:023
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-022.php
Select the appropriate version of your software
and download it.
Freeware zlib compression library Patch: IBM AIX upgrades for zlib
http://www-1.ibm.com/servers/aix/products/aixos/linux/date.html
IBM AIX zlib 1.1.4 upgrade. IBM recommends upgrading
your zlib file to zlib version 1.1.4 or later.
Upgrades
Freeware zlib compression library Upgrade: zlib 1.1.4 upgrade
http://www.zlib.org
References
Source: Red Hat RHSA-2002:026-35
URL: Security Advisory
Source: CERT CA-2002-07
URL: Advisory
Source: Security Focus.com 4267
URL: BugTraq
Source: CVE CAN-2002-0059
URL: Mitre
Copyright (c) 2008 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.
Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.