March 11th, 2002, 08:10 PM
zlib vulnerability; affects PPP Code in Linux Kernel
Significant Vulnerability Afflicts Linux Systems
Posted By: Dave Wreski
Today in a coordinated effort between all major Linux vendors, a vulnerability in the zlib library was announced, potentially affecting every installed Linux system in existance.
The vulnerability is rooted in the free() function and how it used. Quoting from the EnGarde Secure Linux advisory, "The zlib shared library may attempt to free() a memory region more then once, potentially yielding a system exploitable by certain programs that use it for decompression. Because certain packages include their own zlib implementation or statically link against the system zlib, several packages need to be updated to properly fix this bug."
This vulnerability will also affect some vendors shipping implementations of the open source library within their binary applications.
Packages including X11, rsync, the Linux kernel, QT, mozilla, gcc, vnc, and many other programs that have the ability to use network compression are potentially vulnerable.
The reason this particular vulnerability is so significant is because many programs implement their own particular version of the zlib library, statically linked with their code, and therefore inheriting the potential for exploit.
No known exploit is available for this vulnerability at this time, but the implications of this vulnerability are significant, and have the potential for remote compromise leading to root privileges on the server.
As vendors post their advisories, LinuxSecurity will continue to update this page and our site, directing the Linux and open source security communities to the authoritative information from their Linux vendor.
Common Vulnerabilities and Exposures entry for this vulnerability http://cve.mitre.org/cgi-bin/cvename...=CAN-2002-0059
EnGarde Secure Linux Advisory http://www.linuxsecurity.com/advisor...sory-1960.html
Thanks to Ryan W. Maple for assistance with this report. This page will be updated continually, as vendors file their vulnerability reports.
NewsForge is also covering this story.
March 13th, 2002, 03:20 PM
Other apps/services which contain the old code include:
Netscape (fix in the works)
the latest update about this so far is here : http://www.theregister.co.uk/content/5/24387.html