Note: This is an archival copy of Security Sun Alert 200550 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000418.1.
Article ID : 1000418.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-10-16
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Solaris zlib(libz(3)) Compression Library Function gzprintf()



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 8 Operating System

Bug Id
4822658

Date of Resolved Release
22-OCT-2003

Impact

Applications which are linked with "zlib" and utilize the gzprintf() function may be susceptible to a security vulnerability which could result in a denial of service, information leakage, or execution of arbitrary code due to a buffer overflow in the "zlib" gzprintf() function.

Sun does not distribute any applications with the Solaris Operating Environment which are linked with "zlib" and call gzprintf(). A large number of free applications and libraries have been identified as using "zlib" at http://www.gzip.org/zlib/apps.html. Some of this freeware is distributed on the Solaris Software Companion CDs but none is known to be vulnerable to this issue at this time.

This issue is described in CERT Vulnerability VU#142121 (see http://www.kb.cert.org/vuls/id/142121).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 112611-02
  • Solaris 9 without patch 115754-02

x86 Platform

  • Solaris 8 without patch 112612-02
  • Solaris 9 without patch 115755-02

Note 1: libz is not distributed with Solaris 7 or earlier releases.

Note 2: For a short period, patches 115754-01 and 115755-01 were available that purported to address this issue. However, this was not the case and 115754-02 and 115755-02 are required to address this issue as shown above.


Symptoms

There are no predictable symptoms that would show the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 112611-02 or later
  • Solaris 9 with patch 115754-02 or later

x86 Platform

  • Solaris 8 with patch 112612-02 or later
  • Solaris 9 with patch 115755-02 or later


Modification History

References

112611-02
112612-02
115754-02
115755-02




Attachments
This solution has no attachment