Date: Tue, 12 Mar 2002 10:52:16 -0500 From: Chris Faulhaber <jedgar@fxp.org> To: Mike Tancsa <mike@sentex.net> Cc: "Brian F. Feldman" <green@FreeBSD.ORG>, "Jacques A. Vidrine" <nectar@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) Message-ID: <20020312155216.GF94019@peitho.fxp.org> In-Reply-To: <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> References: <20020312145337.GB35955@madman.nectar.cc> <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Tue, Mar 12, 2002 at 10:29:06AM -0500, Mike Tancsa wrote: > > Hi, > Although it sounds like the bug is not exploitable on FreeBSD, is there a > potential for a Denial of Service still with systems prior to the Feb 22 > commit? > With phkmalloc(3), normally you will just get: progname in free(): error: chunk is already free unless the 'A' malloc option is set, then the program will abort(3) which could be considered a Denial of Service. -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjyOJDAACgkQObaG4P6BelDZlACfVjxNM/KDwCn2L/QbIumsLwR/ leoAn2oFAZIvWRVf6JqZgsnHxaQVQeDA =XR4d -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020312155216.GF94019>