From owner-freebsd-security Tue Mar 12 8: 0:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 92CA637B8FC for ; Tue, 12 Mar 2002 07:59:08 -0800 (PST) Received: from simoeon.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by smtp1.sentex.ca (8.11.6/8.11.6) with ESMTP id g2CFtJp83997; Tue, 12 Mar 2002 10:55:19 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20020312104817.0649e0c0@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 12 Mar 2002 10:49:31 -0500 To: Chris Faulhaber From: Mike Tancsa Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20020312155216.GF94019@peitho.fxp.org> References: <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> <20020312145337.GB35955@madman.nectar.cc> <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is this possible to happen in kernel space as well (e.g. somewhere in the networking code) ? And if so, would that constitute a panic ? ---Mike At 10:52 AM 3/12/02 -0500, Chris Faulhaber wrote: >On Tue, Mar 12, 2002 at 10:29:06AM -0500, Mike Tancsa wrote: > > > > Hi, > > Although it sounds like the bug is not exploitable on FreeBSD, is there a > > potential for a Denial of Service still with systems prior to the Feb 22 > > commit? > > > >With phkmalloc(3), normally you will just get: > >progname in free(): error: chunk is already free > >unless the 'A' malloc option is set, then the program will >abort(3) which could be considered a Denial of Service. > >-- >Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org >-------------------------------------------------------- >FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message