zlib vulnerability affects erlang
Matthias Lang
matthias@REDACTED
Mon Mar 11 23:55:51 CET 2002
Hi,

I swiped this from the debian security mailing list. It appears to affect
Erlang, since Erlang includes the vulnerable version of zlib,
certainly open source R8B-0 does. See also
http://www.gzip.org/zlib/advisory-2002-03-11.txt

Seems pretty far-fetched that someone could come up with an exploit
for this, though, there are fatter fish to fry.

Matthias
--------------------------------------------------------------------------
Debian Security Advisory DSA 122-1 security@REDACTED
http://www.debian.org/security/ Michael Stone
March 11th, 2002
--------------------------------------------------------------------------
Package : zlib, various
Vulnerability : malloc error (double free)
Problem-Type : potential remote root
Debian-specific: no
The compression library zlib has a flaw in which it attempts to free
memory more than once under certain conditions. This can possibly be
exploited to run arbitrary code in a program that includes zlib. If a
network application running as root is linked to zlib, this could
potentially lead to a remote root compromise. No exploits are known at
this time. This vulnerability is assigned the CVE candidate name of
CAN-2002-0059.