Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:18.zlib

From: Chris Faulhaber (jedgar@fxp.org)
Date: 03/18/02


Date: Mon, 18 Mar 2002 11:20:34 -0500
From: Chris Faulhaber <jedgar@fxp.org>
To: "Jason DiCioccio (reply)" <geniusj+categories.replies@bluenugget.net>


On Mon, Mar 18, 2002 at 08:16:11AM -0800, Jason DiCioccio wrote:
> I'm a bit confused now. So FreeBSD, 4.5-RELEASE is vulnerable? I

Yes, any software that uses libz is vulnerable to the double-free
bug (but not necessarily exploitable).

> am a bit unclear on this as I thought phkmalloc was not vulnerable
> to the double-free bug. Or does this only affect binaries
> statically linked with older revisions of libc and linux binaries?
>

Unlike some other malloc(3) implementations, phkmalloc is not believed
to be exploitable. However, the side effects of the double-free bug
in libz may include an application crashing due to the decompression
of invalid data, warnings from phkmalloc, and applications
abort(3)'ing if the 'A' malloc option is used.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
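
Added example (not part of the original message, and not phkmalloc or zlib code): a simplified C model of how an allocator that keeps chunk state out of band can answer a double free with a warning, or an abort under a stricter setting, instead of corrupting the heap. The names tracked_malloc, tracked_free, decode_with_bug and abort_on_warning are hypothetical, and the warning text is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_TRACKED 64
enum free_result { FREE_OK, FREE_DOUBLE, FREE_UNKNOWN };

/* Chunk state lives in a side table, never inside the freed chunk itself. */
static struct { uintptr_t addr; int live; } table[MAX_TRACKED];
static int abort_on_warning = 0, warnings = 0; /* flag stands in for the 'A' option */

void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    int slot = -1;
    if (!p) return NULL;
    for (int i = 0; i < MAX_TRACKED; i++) {
        if (table[i].addr == (uintptr_t)p) { slot = i; break; } /* address reused */
        if (table[i].addr == 0 && slot < 0) slot = i;           /* first empty slot */
    }
    if (slot < 0) { free(p); return NULL; }                     /* table full */
    table[slot].addr = (uintptr_t)p; table[slot].live = 1;
    return p;
}

enum free_result tracked_free(void *p) {
    uintptr_t a = (uintptr_t)p;
    for (int i = 0; i < MAX_TRACKED; i++) {
        if (table[i].addr != a) continue;
        if (table[i].live) { table[i].live = 0; free(p); return FREE_OK; }
        warnings++;                        /* second free: refuse, heap untouched */
        fprintf(stderr, "warning: chunk 0x%lx is already free\n", (unsigned long)a);
        if (abort_on_warning) abort();     /* strict mode turns the warning fatal */
        return FREE_DOUBLE;
    }
    return FREE_UNKNOWN;                   /* pointer was never handed out by us */
}

/* Hypothetical error path: the buffer is released on error and again in cleanup. */
enum free_result decode_with_bug(void) {
    void *window = tracked_malloc(256);
    if (!window) return FREE_UNKNOWN;
    tracked_free(window);                  /* error handler releases it */
    return tracked_free(window);           /* cleanup releases it a second time */
}

int main(int argc, char **argv) {
    abort_on_warning = (argc > 1 && argv[1][0] == 'A');
    int r = decode_with_bug();
    printf("second free -> %d, warnings = %d\n", r, warnings);
    return 0;
}
```

Run with no argument to see the warning path, or with the argument A to see the process abort on the second free.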
