From: Mark J Cox (mjcredhat.com)
Date: Wed Mar 13 2002 - 16:29:56 CST

    > I have used find-zlib perl script [2] (linked from the zlib homepage [3])
    > to find out which programs use statically linked zlib and got the
    > following output on "rpm" binary:

    But not all programs that make use of zlib are actually vulnerable in a
    useful way. zlib is only used in RPM for the payload which is only
    decompressed on package installation. Therefore as far as I can tell this
    could only be exploited if you are installing a trojan package. There are
    many easier ways for a trojan package to compromise your system.

    Cheers, Mark

    --
    Mark J Cox / Red Hat / OpenSSL / Apache Software Foundation
    mjcredhat.com // T: +44 798 061 3110 / F: +44 845 333 9533