On Mon, Mar 18, 2002 at 08:16:11AM -0800, Jason DiCioccio wrote:
> I'm a bit confused now. So FreeBSD, 4.5-RELEASE is vulnerable? I

Yes, any software that uses libz is vulnerable to the double-free
bug (but not necessarily exploitable).

> am a bit unclear on this as I thought phkmalloc was not vulnerable
> to the double-free bug. Or does this only affect binaries
> statically linked with older revisions of libc and linux binaries?
>

Unlike some other malloc(3) implementations, phkmalloc is not believed
to be exploitable. However, the side effects of the double-free bug
in libz may include an application crashing due to the decompression
of invalid data, warnings from phkmalloc, and applications
abort(3)'ing if the 'A' malloc option is used.

-- 
Chris D. Faulhaber - jedgarfxp.org - jedgarFreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve

iEYEARECAAYFAjyWE9IACgkQObaG4P6BelDBwQCgklAvrRfuOkFq0nOeYZ/KafPL vJIAniEEHArnzUk4X9Sj1MZtBAS05zgM =BXJi -----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]