Bugtraq mailing list archives

Re: [RHSA-2002:026-35] Vulnerability in zlib library
From: Mark J Cox <mjc () redhat com>
Date: Wed, 13 Mar 2002 22:29:56 +0000 (GMT)

> I have used find-zlib perl script [2] (linked from the zlib homepage [3])
> to find out which programs use statically linked zlib and got the
> following output on "rpm" binary:

But not all programs that make use of zlib are actually vulnerable in a
useful way.  zlib is only used in RPM for the payload which is only
decompressed on package installation.  Therefore as far as I can tell this
could only be exploited if you are installing a trojan package.  There are
many easier ways for a trojan package to compromise your system.

Cheers, Mark
Mark J Cox / Red Hat / OpenSSL / Apache Software Foundation
mjc () redhat com // T: +44 798 061 3110 / F: +44 845 333 9533
