Ethereal

enpa-sa-00002
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Application Notes | Summary | Details

Summary

Name: Zlib "double free" vulnerability

Docid: enpa-sa-00002

Date: March 23, 2002

Versions affected: All (see below)

Severity: High

Details

Description:

Ethereal uses the Zlib data compression library to read compressed trace files. Prior to version 1.1.4, it was possible to pass data to zlib that would cause it to free memory twice. By default, Ethereal is linked with zlib at compile time. In order to determine if your version of Ethereal is linked with zlib, do one of the following:

Either action will display the libraries that Ethereal and Tethereal are linked with, along with their respective versions. If libz is listed, and its version is less than 1.1.4, it is vulnerable.

Impact:

It is possible that arbitrary code could be run by the Ethereal or Tethereal executables if a carefully constructed trace file were read by either application.

Resolution:

On most systems, Ethereal is dynamically linked with libz, and upgrading the library is sufficient. Some systems (primarily Windows) are linked with a static version of libz, and the Ethereal executable must be replaced. Updated Windows binaries will be provided on the Ethereal web site shortly.

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.