Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 9 Apr 2002 09:00:52 -0400 (EDT)
From:      Chris BeHanna <behanna@zbzoom.net>
To:        FreeBSD Security <security@freebsd.org>
Subject:   Re: zlib double-free security notification
Message-ID:  <20020409085638.C5710-100000@topperwein.dyndns.org>
In-Reply-To: <20020409095832.A3374@straylight.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, 9 Apr 2002, Peter Pentchev wrote:

> On Mon, Apr 08, 2002 at 09:03:44PM -0700, X Philius wrote:
> > Security Folks,
> > Are there any exploits out there that take advantage of this hole? I am
> > running 4.4 Release, and have been watching the security notifications
> > list for patches that I *really* need to run. So, if I want to keep
> > things as simple as possible, would you recomend patching to fix this
> > issue? If it is just a matter of possible DOS issues, versus actual
> > known exploits, I'll probably skip it.
>
> "Simple DoS issues" might result in killing a server you do not want
> killed, thus (theoretically) denying access to important services
> and maybe the machine itself.  In truth, right now I cannot remember
> if there were any such announced vulnerabilities that could result
> in killing off a whole service, but.. better safe than sorry, I'd say..

    Unless you have configured malloc() to dump core in a double-free
situation, FreeBSD cannot be DoS'd in this manner.  Double-free errors
generate warnings by default.

    Note that applications running under Linux emulation, however,
could still be DoS'd, given that the GNU implementation of malloc()
(in glibc)is indeed vulnerable.  In fact, of the systems I've tested
(FreeBSD 4.5-STABLE, Solaris 8, Microsoft Visual C++ 6.0, Red Hat 7.0,
and Cygwin 1.32), only those that use glibc's malloc() (i.e., Red Hat and
Cygwin) are vulnerable.

    The test is trivial:  write a short C program that mallocs a
pointer and then frees it twice.  If it dumps core, you're vulnerable.

-- 
Chris BeHanna
Software Engineer                   (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020409085638.C5710-100000>