Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:18.zlib

From: Chris Faulhaber (jedgar@fxp.org)
Date: 03/18/02


Date: Mon, 18 Mar 2002 11:20:34 -0500
From: Chris Faulhaber <jedgar@fxp.org>
To: "Jason DiCioccio (reply)" <geniusj+categories.replies@bluenugget.net>


On Mon, Mar 18, 2002 at 08:16:11AM -0800, Jason DiCioccio wrote:
> I'm a bit confused now. So FreeBSD, 4.5-RELEASE is vulnerable? I

Yes, any software that uses libz is vulnerable to the double-free
bug (but not necessarily exploitable).

> am a bit unclear on this as I thought phkmalloc was not vulnerable
> to the double-free bug. Or does this only affect binaries
> statically linked with older revisions of libc and linux binaries?
>

Unlike some other malloc(3) implementations, phkmalloc is not believed
to be exploitable. However, the side effects of the double-free bug
in libz may include an application crashing due to the decompression
of invalid data, warnings from phkmalloc, and applications
abort(3)'ing if the 'A' malloc option is used.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
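
A simplified model of the warn-versus-abort behaviour described in the reply above, as an added example that is not part of the original message and is not phkmalloc's code: a tracking wrapper rejects a second free() of the same pointer, and aborts when a flag standing in for the 'A' option is set. The names tracked_malloc, tracked_free and abort_on_error are hypothetical, and the warning text is made up for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 64

static void *live[MAX_LIVE];   /* addresses currently allocated */
static int abort_on_error = 0; /* hypothetical flag modelling the 'A' option */
static int warnings = 0;       /* number of rejected free() calls */

/* Allocate and record the address as live. */
void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p == NULL) return NULL;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == NULL) { live[i] = p; return p; }
    }
    free(p); /* table full: fail rather than hand out an untracked pointer */
    return NULL;
}

/* Release p only if it is live. Returns 0 on success, -1 on a rejected free.
 * Only addresses are compared; a stale pointer is never dereferenced.
 * Limitation: if the address was reused by a later allocation, a stale
 * free is indistinguishable from a valid one. */
int tracked_free(void *p) {
    if (p == NULL) return 0;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    }
    warnings++;
    fprintf(stderr, "warning: free(%p): not a live allocation\n", p);
    if (abort_on_error) abort(); /* fail fast instead of continuing */
    return -1;
}

int main(void) {
    void *buf = tracked_malloc(32); /* constructed scenario */
    tracked_free(buf);              /* error path releases the buffer */
    tracked_free(buf);              /* cleanup path releases it again */
    printf("rejected frees: %d\n", warnings);
    return 0;
}
```

With abort_on_error left at 0 the second free is reported and the program continues; setting it to 1 turns the same event into an immediate abort(3).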
