Thread: Updates on the new zlib GNU vulnerability

#1 s0nIc (Join Date: Sep 2001)

    Updates on the new zlib GNU vulnerability

    Under some circumstances, a block of dynamically allocated memory may have the 'free()' routine called on it twice. This may occur during decompression.

    An exploitable condition may result if the 'free()' function is used on memory that has already been freed. Under some circumstances, it is possible for an attacker to manipulate data layout in the heap so that an arbitrary word in memory is overwritten with a custom value when 'free()' is called for the second time.

    Arbitrary code may be executed if critical values such as function return addresses, GOT entries, etc., are overwritten.

    By itself, this condition is not a vulnerability. An attacker must identify a program linked to the library or using vulnerable code with higher privileges, or running on a remote machine. The attacker must also locate a method through which the condition may be triggered (for example, by supplying compressed data as input).

    Several programs use zlib or vulnerable code borrowed from the library, including:

    SSH / OpenSSH
    popt / rpm
    the Linux Kernel

    It should be noted that a similar vulnerability was reported in LBNL Traceroute. It was generally believed that this condition was not exploitable until proof of concept exploits were posted by two independent security researchers.

    Source: http://www.xatrix.org/modules.php?op...thread&order=1

    Hmm, I didn't know one vulnerability could cause so many problems...


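The advisory quoted above describes the bug class (a block freed once on an error path and again at teardown) but not what it looks like in code. The following is an added example, not zlib's code and not part of the post: a hypothetical decoder state whose lookup table is freed twice, beside the usual fix of having a single release routine that clears the pointer so a later teardown sees NULL. The `inflate_state` struct, the block-header check, the instrumented `tracked_free()` (which counts a repeated free instead of letting the allocator corrupt or abort) and the two-byte sample input are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Instrumented free(): remembers which blocks were already released so a
 * second free() of the same block is counted rather than handed to the
 * allocator. Constructed for this example; a real build would rely on
 * ASan or the allocator's own checks. */
#define MAX_FREED 16
static void *freed_log[MAX_FREED];
static int freed_count;
static int double_free_count;

static void tracking_reset(void)
{
    freed_count = 0;
    double_free_count = 0;
}

static void tracked_free(void *p)
{
    int i;
    if (p == NULL) return;                   /* free(NULL) is always a no-op */
    for (i = 0; i < freed_count; i++) {
        if (freed_log[i] == p) {             /* already released once */
            double_free_count++;
            return;                          /* skip the real free() so we can report */
        }
    }
    if (freed_count < MAX_FREED) freed_log[freed_count++] = p;
    free(p);
}

/* Hypothetical decoder state: a table allocated while decoding a block. */
struct inflate_state {
    unsigned char *table;
};

/* Vulnerable pattern (the shape the advisory describes): the error path
 * releases the table but leaves the dangling pointer in the state, so the
 * caller's normal teardown releases it a second time. */
static int decode_block_vuln(struct inflate_state *s, const unsigned char *in, size_t len)
{
    s->table = malloc(256);
    if (s->table == NULL) return -1;
    memset(s->table, 0, 256);
    if (len == 0 || (in[0] & 0x07) > 2) {    /* hypothetical "bad block header" */
        tracked_free(s->table);              /* freed here ...               */
        return -1;                           /* ... but the pointer stays set */
    }
    return 0;
}

/* Hardened pattern: the only routine that frees the table also clears the
 * pointer, so any later teardown sees NULL. Error paths call it instead of
 * calling free() directly. */
static void release_table(struct inflate_state *s)
{
    tracked_free(s->table);
    s->table = NULL;
}

static int decode_block_fixed(struct inflate_state *s, const unsigned char *in, size_t len)
{
    s->table = malloc(256);
    if (s->table == NULL) return -1;
    memset(s->table, 0, 256);
    if (len == 0 || (in[0] & 0x07) > 2) {    /* same hypothetical check */
        release_table(s);
        return -1;
    }
    return 0;
}

/* Each scenario decodes one malformed block and then runs the usual teardown.
 * Returns how many double frees the instrumented free() observed. */
static int run_vuln(void)
{
    static const unsigned char bad[] = { 0x07, 0x00 };  /* constructed bad block */
    struct inflate_state s = { NULL };
    tracking_reset();
    decode_block_vuln(&s, bad, sizeof bad);
    tracked_free(s.table);                   /* teardown: second free() of the table */
    return double_free_count;
}

static int run_fixed(void)
{
    static const unsigned char bad[] = { 0x07, 0x00 };
    struct inflate_state s = { NULL };
    tracking_reset();
    decode_block_fixed(&s, bad, sizeof bad);
    release_table(&s);                       /* teardown: pointer is NULL, no-op */
    return double_free_count;
}

int main(void)
{
    printf("vulnerable teardown: %d double free(s)\n", run_vuln());
    printf("hardened teardown:   %d double free(s)\n", run_fixed());
    return 0;
}
```

The fix is not the null assignment by itself but the ownership rule it enforces: exactly one routine releases the table and every caller, including every error path, goes through it. Building the decoder with AddressSanitizer (`-fsanitize=address`) reports the vulnerable variant's second free directly, without the tracking wrapper.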
#2 (Join Date: Oct 2001)

    Good post s0nic, thanks for the info.
