Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » ZLib heap corruption vulnerability

ZLib heap corruption vulnerability

by Nikola Strahija on March 27th, 2003 A heap corruption vulnerability has been found in the zlib compression library. Version 1.1.4, which is not vulnerable, has been released. Arbitrary code may be executed if critical values such as function return addresses, GOT entries, etc., are overwritten.


Under some circumstances, a block of dynamically allocated memory may have the 'free()' routine called on it twice. This may occur during decompression.

An exploitable condition may result if the 'free()' function is used on memory that has already been freed. Under some circumstances, it is possible for an attacker to manipulate data layout in the heap so that an arbitrary word in memory is overwritten with a custom value when 'free()' is called for the second time.

By itself, this condition is not a vulnerability. An attacker must identify a program linked to the library or using vulnerable code with higher privileges, or running on a remote machine. The attacker must also locate a method through which the condition may be triggered (for example, by supplying compressed data as input).

Vulnerable:
zlib 1.0 to 1.1.3 and possibly all products that use this compression library

Not vulnerable:
zlib 1.1.4

Solution:

Zlib version 1.1.4 is downloadable from:
- http://www.gzip.org/zlib/


Other patches and fixes are available for:

Compaq Tru64 5.1 a PK3 (BL3) users:
ftp://ftp1.support.compaq.com/public/unix/v5.1a/

FreeBSD users:
- http://www.xatrix.org/article1262.html

HP Secure OS software for Linux 1.0:
- http://itrc.hp.com/

Mandrake users:
- http://www.xatrix.org/article2822.html
- http://www.mandrakesecure.net/en/ftp.php

NetBSD users:
- http://www.xatrix.org/article2894.html

RedHat users:
- http://www.xatrix.org/article1288.html

SCO OpenLinux users:
- http://www.xatrix.org/article2790.html

SGI Irix users:
- ftp://patches.sgi.com/support/free/security/patches/

Trustix users:
- http://www.xatrix.org/article1257.html

RealNetworks Real Server users:
- http://www.service.real.com/help/faq/security/compressionlibrary.html


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »