Vulnerabilities > CVE-2002-0059 - Double Free vulnerability in Zlib

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
zlib
CWE-415
critical
nessus

Summary

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2002-022.NASL
    descriptionMatthias Clasen found a security issue in zlib that, when provided with certain input, causes zlib to free an area of memory twice. This
    last seen2020-06-01
    modified2020-06-02
    plugin id13930
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13930
    titleMandrake Linux Security Advisory : zlib (MDKSA-2002:022)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-122.NASL
    descriptionThe compression library zlib has a flaw in which it attempts to free memory more than once under certain conditions. This can possibly be exploited to run arbitrary code in a program that includes zlib. If a network application running as root is linked to zlib, this could potentially lead to a remote root compromise. No exploits are known at this time. This vulnerability is assigned the CVE candidate name of CAN-2002-0059. The zlib vulnerability is fixed in the Debian zlib package version 1.1.3-5.1. A number of programs either link statically to zlib or include a private copy of zlib code. These programs must also be upgraded to eliminate the zlib vulnerability. The affected packages and fixed versions follow : - amaya 2.4-1potato1 - dictd 1.4.9-9potato1 - erlang 49.1-10.1 - freeamp 2.0.6-2.1 - mirrordir 0.10.48-2.1 - ppp 2.3.11-1.5 - rsync 2.3.2-1.6 - vrweb 1.5-5.1 Those using the pre-release (testing) version of Debian should upgrade to zlib 1.1.3-19.1 or a later version. Note that since this version of Debian has not yet been released it may not be available immediately for all architectures. Debian 2.2 (potato) is the latest supported release. We recommend that you upgrade your packages immediately. Note that you should restart all programs that use the shared zlib library in order for the fix to take effect. This is most easily done by rebooting the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id14959
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14959
    titleDebian DSA-122-1 : zlib - malloc error (double free)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2002-023.NASL
    descriptionMatthias Clasen found a security issue in zlib that, when provided with certain input, causes zlib to free an area of memory twice. This
    last seen2020-06-01
    modified2020-06-02
    plugin id13931
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13931
    titleMandrake Linux Security Advisory : zlib-pkgs (MDKSA-2002:023-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2002-024.NASL
    descriptionEthan Benson discovered a bug in rsync where the supplementary groups that the rsync daemon runs as (such as root) would not be removed from the server process after changing to the specified unprivileged uid and gid. This seems only serious if rsync is called using
    last seen2020-06-01
    modified2020-06-02
    plugin id13932
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13932
    titleMandrake Linux Security Advisory : rsync (MDKSA-2002:024)

Redhat

advisories
  • rhsa
    idRHSA-2002:026
  • rhsa
    idRHSA-2002:027

References