Note: This is an archival copy of Security Sun Alert 228532 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017430.1.
Article ID : 1017430.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-04-16
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security issue with zlib (libz(3)) in Solaris and OpenWindows and GNOME



Category
Security

Release Phase
Resolved

Product
Solaris 7 Operating System

Bug Id
4644966, 4644859

Date of Workaround Release
28-MAR-2002

Date of Resolved Release
23-APR-2002

Impact

Depending upon how and where the zlib routines are called from an application which links with zlib, this vulnerability may result in a denial of service, information leakage, or execution of arbitrary code.

A large number of free applications and libraries have been identified as using zlib at http://www.gzip.org/zlib/apps.html. Some of this freeware is shipped on the Solaris 8 Software Companion CD.

This issue is described in the CERT Vulnerability VU#368819 (see http://www.kb.cert.org/vuls/id/368819) which is referenced in CA-2002-07 (see http://www.cert.org/advisories/CA-2002-07.html).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Open Windows 3.6.1 (for Solaris 7) with the following patches and without patch 108376-37:
		107648-02 through 107648-09
		or
		107078-19
		or
		108376-01 through 108376-36
  • Open Windows 3.6.2 (for Solaris 8) without patch 108652-51
  • Solaris 8 without patch 112611-01
  • Gnome 2.0 (for Solaris 8) without patch 112611-01

x86 Platform

  • Open Windows 3.6.1 (for Solaris 7) with the following patches and without patch 108377-33:
		107649-02 through 107649-09
		or
		107079-18
		or
		108377-01 through 108377-32
  • Open Windows 3.6.2 (for Solaris 8) without patch 108653-41
  • Solaris 8 without patch 112612-01
  • Gnome 2.0 (for Solaris 8) without patch 112612-01

Notes 1: The vulnerable OpenWindows library (libz) was introduced into OpenWindows 3.6.1 in the feature patches listed above. Prior to installing the feature patch, OpenWindows 3.6.1 was not vulnerable.

Solaris 7 and earlier releases are not vulnerable to this issue, as the Solaris libz library was not shipped in those releases.

Notes 2: The Web download version of GNOME 2.0 for Solaris 8 may install a vulnerable Solaris SUNWzlib package on systems which did not have the SUNWzlib package installed. Solaris 8 systems which were installed with the SUNWCprog, SUNWCuser, or SUNWCreq cluster do not include the SUNWzlib package. To determine which cluster was installed on a Solaris system, execute the following command:

	$ cat /var/sadm/system/admin/CLUSTER

To ensure the security vulnerability is resolved, the patches mentioned above must be installed after a GNOME 2.0 installation. Solaris 9 with GNOME 2.0 is not affected.


Symptoms

An application which links with zlib may be killed when handling untrusted zipped input. There are no reliable symptoms that would show that arbitrary code has been inserted into, and executed by, a running program linked with zlib.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Open Windows 3.6.1 (for Solaris 7) with patch 108376-37 or later
  • Open Windows 3.6.2 (for Solaris 8) with patch 108652-51 or later
  • Solaris 8 with patch 112611-01 or later
  • Gnome 2.0 (for Solaris 8) with patch 112611-01 or later

x86 Platform

  • Open Windows 3.6.1 (for Solaris 7) with patch 108377-33 or later
  • Open Windows 3.6.2 (for Solaris 8) with patch 108653-41 or later
  • Solaris 8 with patch 112612-01 or later
  • Gnome 2.0 (for Solaris 8) with patch 112612-01 or later
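
The patch-level conditions in the Contributing Factors and Resolution sections can be evaluated against a host's installed patch list. The following POSIX shell script is an added example, not part of the original Sun Alert; the function names and the sample patch list are constructed for illustration, and it assumes the patch list has one "Patch: <id>-<rev>" entry per line, as printed by `showrev -p`.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert. Input: `showrev -p` output lines.

# has_rev LIST ID MIN MAX: true if an installed revision of ID lies in [MIN, MAX].
has_rev() {
    while read -r tag patch rest; do
        if [ "$tag" = "Patch:" ] && [ "${patch%-*}" = "$2" ]; then
            rev=${patch##*-}; rev=${rev#0}
            case $rev in ''|*[!0-9]*) continue ;; esac
            if [ "$rev" -ge "$3" ] && [ "$rev" -le "$4" ]; then return 0; fi
        fi
    done <<EOF
$1
EOF
    return 1
}

# fix_status LIST ID MINREV: "patch ID-MINREV or later", for a product that is
# installed on the host. 999 is an assumed upper bound on revision numbers.
fix_status() {
    if has_rev "$1" "$2" "$3" 999; then echo resolved; else echo affected; fi
}

# ow361_status LIST sparc|x86: OpenWindows 3.6.1 is affected only when a feature
# patch that introduced libz is present and the fixed revision is not (Notes 1).
ow361_status() {
    case $2 in
        sparc) f1=107648 f2=107078 f2rev=19 fix=108376 fixrev=37 ;;
        x86)   f1=107649 f2=107079 f2rev=18 fix=108377 fixrev=33 ;;
        *)     echo unknown-platform; return 0 ;;
    esac
    if has_rev "$1" "$fix" "$fixrev" 999; then
        echo resolved
    elif has_rev "$1" "$f1" 2 9 || has_rev "$1" "$f2" "$f2rev" "$f2rev" ||
         has_rev "$1" "$fix" 1 "$((fixrev - 1))"; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample of a Solaris 7 SPARC patch list (trailing fields shortened).
sample_patchlist() {
    echo "Patch: 107648-09 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkg"
    echo "Patch: 108376-21 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkg"
}

patches=$(sample_patchlist)   # on a real host: patches=$(showrev -p)
echo "OpenWindows 3.6.1 (sparc): $(ow361_status "$patches" sparc)"   # affected
```

fix_status reports only the patch level, so it applies to hosts where the product is installed; on Solaris 8, `pkginfo SUNWzlib` shows whether the SUNWzlib package discussed in Notes 2 is present.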


Modification History
Date: 15-APR-2002
  • Updated Contributing Factors, Relief/Workaround and Resolution sections

Date: 23-APR-2002
  • Date Closed: 23-Apr-2002
  • Date Released: 28-Mar-2002, 23-Apr-2002
  • Updated Contributing Factors, Relief/Workaround and Resolution sections

Date: 17-APR-2003
  • Added GNOME information to Contributing Factors (see Notes 2)
  • Updated Synopsis and Resolution section


References

108652-51
108376-37
112612-01
108653-41
112611-01
108377-33



