Bugtraq mailing list archives
Re: [RHSA-2002:026-35] Vulnerability in zlib library
From: Mark J Cox <mjc () redhat com>
Date: Wed, 13 Mar 2002 22:29:56 +0000 (GMT)
I have used find-zlib Perl script [2] (linked from the zlib homepage [3]) to find out which programs use statically linked zlib and got the following output on "rpm" binary:
But not all programs that make use of zlib are actually vulnerable in a useful way. zlib is only used in RPM for the payload which is only decompressed on package installation. Therefore as far as I can tell this could only be exploited if you are installing a trojan package. There are many easier ways for a trojan package to compromise your system.

Cheers, Mark
--
Mark J Cox / Red Hat / OpenSSL / Apache Software Foundation
mjc () redhat com // T: +44 798 061 3110 / F: +44 845 333 9533
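An added example, not part of the original message and not the find-zlib script it mentions: one way to inventory statically linked zlib copies is to search binaries for the version banners zlib compiles into its deflate and inflate code. The function names, the sample byte strings and the caller-supplied `fixed_version` threshold are assumptions made for this sketch.

```python
import re
import sys

# zlib's deflate and inflate sources each define a copyright string such as
# " inflate 1.1.3 Copyright 1995-1998 Mark Adler ". A statically linked copy
# carries that string into the host binary's read-only data.
BANNER = re.compile(rb"(deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright 1995-\d{4}")

def version_tuple(text):
    """Turn '1.1.3' into (1, 1, 3) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def find_embedded_zlib(blob):
    """Return the sorted, de-duplicated (component, version) banners in blob."""
    return sorted({(m.group(1).decode(), m.group(2).decode())
                   for m in BANNER.finditer(blob)})

def classify(blob, fixed_version):
    """Label a binary 'no-banner', 'review' (older than fixed_version) or 'current'."""
    hits = find_embedded_zlib(blob)
    if not hits:
        return "no-banner", hits
    oldest = min(version_tuple(v) for _, v in hits)
    if oldest < version_tuple(fixed_version):
        return "review", hits
    return "current", hits

# Constructed sample inputs (not real binaries): one with an embedded copy,
# one that only references the shared library by name.
SAMPLE_STATIC = (b"\x7fELF" + b"\x00" * 16
                 + b" inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00"
                 + b" deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \x00")
SAMPLE_DYNAMIC = b"\x7fELF" + b"\x00" * 16 + b"libz.so.1\x00inflateInit_\x00"

if __name__ == "__main__":
    # Usage: script.py FIXED_VERSION FILE...  (threshold comes from the advisory
    # being tracked); with no arguments, run over the constructed samples.
    if len(sys.argv) >= 3:
        for path in sys.argv[2:]:
            with open(path, "rb") as fh:
                print(path, *classify(fh.read(), sys.argv[1]))
    else:
        for name, blob in (("static", SAMPLE_STATIC), ("dynamic", SAMPLE_DYNAMIC)):
            print(name, *classify(blob, "1.1.4"))
```

A "review" result only says an old banner is present: vendors may backport a fix without changing the version string, and whether the embedded copy is reachable with untrusted input still has to be assessed per program, as the message above does for RPM.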