zlib vulnerability affects erlang

Matthias Lang <>
Mon Mar 11 23:55:51 CET 2002


Hi,

I swiped this from the Debian security mailing list. It appears to affect
Erlang, since Erlang includes the vulnerable version of zlib;
certainly open source R8B-0 does. See also

   http://www.gzip.org/zlib/advisory-2002-03-11.txt

Seems pretty far-fetched that someone could come up with an exploit
for this, though; there are fatter fish to fry.

Matthias

--------------------------------------------------------------------------
Debian Security Advisory DSA 122-1                     
http://www.debian.org/security/                              Michael Stone
March 11th, 2002
--------------------------------------------------------------------------

Package        : zlib, various
Vulnerability  : malloc error (double free)
Problem-Type   : potential remote root
Debian-specific: no

The compression library zlib has a flaw in which it attempts to free
memory more than once under certain conditions. This can possibly be
exploited to run arbitrary code in a program that includes zlib. If a
network application running as root is linked to zlib, this could
potentially lead to a remote root compromise. No exploits are known at
this time. This vulnerability is assigned the CVE candidate name of
CAN-2002-0059.


