Date: Tue, 9 Apr 2002 09:00:52 -0400 (EDT)
From: Chris BeHanna
To: FreeBSD Security
Subject: Re: zlib double-free security notification
In-Reply-To: <20020409095832.A3374@straylight.oblivion.bg>
Message-ID: <20020409085638.C5710-100000@topperwein.dyndns.org>

On Tue, 9 Apr 2002, Peter Pentchev wrote:

> On Mon, Apr 08, 2002 at 09:03:44PM -0700, X Philius wrote:
> > Security Folks,
> > Are there any exploits out there that take advantage of this hole? I am
> > running 4.4 Release, and have been watching the security notifications
> > list for patches that I *really* need to run. So, if I want to keep
> > things as simple as possible, would you recommend patching to fix this
> > issue? If it is just a matter of possible DOS issues, versus actual
> > known exploits, I'll probably skip it.
>
> "Simple DoS issues" might result in killing a server you do not want
> killed, thus (theoretically) denying access to important services
> and maybe the machine itself. In truth, right now I cannot remember
> if there were any such announced vulnerabilities that could result
> in killing off a whole service, but.. better safe than sorry, I'd say..

Unless you have configured malloc() to dump core in a double-free
situation, FreeBSD cannot be DoS'd in this manner. Double-free errors
generate warnings by default.

Note that applications running under Linux emulation, however, could
still be DoS'd, given that the GNU implementation of malloc() (in glibc)
is indeed vulnerable.

In fact, of the systems I've tested (FreeBSD 4.5-STABLE, Solaris 8,
Microsoft Visual C++ 6.0, Red Hat 7.0, and Cygwin 1.32), only those that
use glibc's malloc() (i.e., Red Hat and Cygwin) are vulnerable.

The test is trivial: write a short C program that mallocs a pointer and
then frees it twice. If it dumps core, you're vulnerable.

--
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.
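
The test described in the message above, as an added example that is not part of the original post: it performs the malloc/free/free sequence in a forked child so the parent can report whether the allocator terminated the process, with a single-free control run for comparison. The names run_probe and probe_result are hypothetical, and core files are suppressed so only the exit status is inspected.

```c
/* Added example: double-free probe in a child process (names are hypothetical). */
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_CLEAN, PROBE_KILLED, PROBE_ERROR };

/* Fork a child that mallocs one block and frees it once (control) or twice.
 * *sig receives the signal that terminated the child, or 0 if there was none. */
static enum probe_result run_probe(int free_twice, int *sig)
{
    int status = 0;
    pid_t pid = fork();

    *sig = 0;
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        struct rlimit no_core = { 0, 0 };
        void *volatile p;   /* volatile: stop the compiler folding the calls away */

        setrlimit(RLIMIT_CORE, &no_core);   /* exit status is enough, skip the core file */
        p = malloc(64);
        if (p == NULL)
            _exit(2);
        free(p);
        if (free_twice)
            free(p);        /* the deliberate second free under test */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return PROBE_ERROR;
    if (WIFSIGNALED(status)) {
        *sig = WTERMSIG(status);
        return PROBE_KILLED;
    }
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? PROBE_CLEAN : PROBE_ERROR;
}

int main(void)
{
    int sig = 0;
    enum probe_result r = run_probe(1, &sig);

    printf("double free: result=%d (0=clean, 1=killed, 2=error) signal=%d\n", (int)r, sig);
    return r == PROBE_ERROR;
}
```

A result of 1 corresponds to the "dumps core" outcome in the message; the result depends on the C library and any malloc debugging options in effect on the host.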