Date: Tue, 12 Mar 2002 10:52:16 -0500
From: Chris Faulhaber
To: Mike Tancsa
Cc: "Brian F. Feldman", "Jacques A. Vidrine", freebsd-security@FreeBSD.ORG
Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?)
Message-ID: <20020312155216.GF94019@peitho.fxp.org>

On Tue, Mar 12, 2002 at 10:29:06AM -0500, Mike Tancsa wrote:
>
> Hi,
> Although it sounds like the bug is not exploitable on FreeBSD, is there a
> potential for a Denial of Service still with systems prior to the Feb 22
> commit?
>

With phkmalloc(3), normally you will just get:

progname in free(): error: chunk is already free

unless the 'A' malloc option is set, then the program will abort(3)
which could be considered a Denial of Service.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org
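
The behaviour described in the message above, modelled as an added example that is not part of the original post and is not phkmalloc's code: a tracking wrapper that detects a second free of the same chunk and either reports it and continues or aborts. The names `talloc`, `tfree`, `opt_abort` and the table size are hypothetical; `opt_abort` stands in for the 'A' malloc option.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_CHUNKS 64                       /* hypothetical table size */
enum chunk_state { UNUSED = 0, LIVE, FREED };
struct chunk { void *ptr; enum chunk_state state; };

static struct chunk table[MAX_CHUNKS];
static int opt_abort = 0;                   /* stand-in for the 'A' malloc option */

/* Allocate and record the chunk as LIVE; a recurring address reuses its slot. */
void *talloc(size_t n)
{
    void *p = malloc(n);
    int slot = -1;
    if (p == NULL)
        return NULL;
    for (int i = 0; i < MAX_CHUNKS; i++) {
        if (table[i].ptr == p) { slot = i; break; }
        if (slot < 0 && table[i].state == UNUSED) slot = i;
    }
    if (slot < 0) { free(p); return NULL; } /* tracking table is full */
    table[slot].ptr = p;
    table[slot].state = LIVE;
    return p;
}

/* Returns 0 on a valid free, -1 on a double free or an untracked pointer. */
int tfree(const char *progname, void *p)
{
    if (p == NULL)
        return 0;                           /* free(NULL) is a valid no-op */
    for (int i = 0; i < MAX_CHUNKS; i++) {
        if (table[i].ptr != p || table[i].state == UNUSED)
            continue;
        if (table[i].state == LIVE) {
            table[i].state = FREED;
            free(p);
            return 0;
        }
        /* Second free of the same chunk: report, then apply the policy. */
        fprintf(stderr, "%s in free(): error: chunk is already free\n", progname);
        if (opt_abort)
            abort();                        /* process dies: the DoS case */
        return -1;                          /* default: report and carry on */
    }
    return -1;                              /* never handed out by talloc */
}

int main(void)
{
    char *buf = talloc(32);
    tfree("demo", buf);                     /* valid free */
    return tfree("demo", buf) == -1 ? 0 : 1; /* second free is detected */
}
```

With `opt_abort` left at 0 the second `tfree` only reports the error; setting it to 1 turns the same bug into process termination.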