Security Bulletins

zlib Remote Buffer Overflow Vulnerability

Background

zlib is a compression library used in many network services (including SSH), applications, and operating systems. A bounds-checking error was discovered in zlib that can be exploited to crash software that uses the library or to execute arbitrary code.

Impact

A remote attacker could exploit a network service that uses zlib to execute code with the privileges of that service. An attacker could also craft a malicious compressed file that, when decompressed by a user, executes code as that user.

Platforms Affected

Several major Linux and BSD distributions have released advisories, and Solaris, Mac OS X, and other Unix-based operating systems are very likely affected as well.

Windows applications can also use zlib. After the previous zlib vulnerability was announced, researchers showed that Microsoft Office, Internet Explorer, DirectX, Messenger, and FrontPage all contained zlib code and could be vulnerable. Because each of these applications carries its own copy of the library, each must be patched by its own vendor.

Local Observations

Numerous systems on our university networks use zlib. We have not yet seen any compromises that we know to have been caused by this vulnerability.

UISO Recommendations

The only known solution is to follow your vendors' instructions to upgrade the zlib library and ensure that every program and application is using the upgraded version. Upgrading the shared library alone is not sufficient: many applications are built with their own statically linked copy of zlib, and those copies are fixed only by an update from the application's vendor. Services that were already running when the shared library was replaced keep the old code in memory until they are restarted. Links to several vendor advisories appear below in the Further Reading section. You may have to watch your vendors' web sites or contact them directly to find out how to fix this vulnerability.
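
The following POSIX shell script is an added example and is not part of the original UISO bulletin or any vendor's tooling. It finds copies of zlib on a host, including copies compiled statically into application binaries that never link libz.so, and lists any whose embedded version is older than the fixed release. It assumes that zlib's inflate code embeds a string of the form " inflate 1.2.3 Copyright 1995-2005 Mark Adler " (true of upstream zlib, which is how a binary can be recognised as carrying zlib code), and the REQUIRED_VERSION value is a placeholder you must replace with the fixed version named in your vendor's advisory.

```shell
#!/bin/sh
# Added example (not from the UISO bulletin): find copies of zlib on a host,
# including ones compiled statically into application binaries, and list
# any whose embedded version is older than the fixed release.
#
# Assumptions (mine, not the bulletin's): zlib's inflate code embeds a
# string of the form " inflate 1.2.3 Copyright 1995-2005 Mark Adler ",
# so a binary carrying zlib can be recognised by that string even when it
# does not link libz.so; REQUIRED_VERSION is a placeholder that you must
# set from your vendor's advisory.

REQUIRED_VERSION="${REQUIRED_VERSION:-1.2.3}"   # placeholder, not a real fix level

# zlib_version_from_file FILE
# Prints the zlib version embedded in FILE, or nothing if no zlib code is found.
# tr turns every non-printable byte into a newline so sed can read the binary
# as text (strings(1) would do the same, but it is not POSIX).
zlib_version_from_file() {
    tr -c '[:print:]' '\n' < "$1" \
        | sed -n 's/^ *inflate \([0-9][0-9.]*\) Copyright.*/\1/p' \
        | head -n 1
}

# version_lt A B
# Succeeds if dotted version A sorts before B (e.g. 1.1.4 < 1.2.3).
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# scan_for_old_zlib DIR...
# Prints "PATH VERSION" for every regular file under the given directories
# that embeds a zlib older than REQUIRED_VERSION. Shared libraries
# (libz.so*) are caught by the same test because they embed the same string,
# so scanning /lib and /usr/lib covers the system copy as well.
scan_for_old_zlib() {
    for dir in "$@"; do
        find "$dir" -type f 2>/dev/null | while read -r f; do
            v=$(zlib_version_from_file "$f")
            [ -n "$v" ] || continue
            if version_lt "$v" "$REQUIRED_VERSION"; then
                printf '%s %s\n' "$f" "$v"
            fi
        done
    done
}

# Stand-alone use: sh zlib_scan.sh /lib /usr/lib /usr/local/lib /usr/bin /usr/sbin
# A hit is a worklist entry, not proof of exposure: vendors that backport the
# fix without changing the version string will still show the old number, so
# confirm each hit against the vendor's advisory before acting on it.
if [ $# -gt 0 ]; then
    scan_for_old_zlib "$@"
fi
```

Run it against the library directories first to check the system copy, then against application trees (for example /opt and any vendor install prefixes) to find embedded copies. After applying vendor updates, run it again and restart any long-running service that still reports an old version.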

Workarounds

None known.

Further Reading