Description:
If one chooses to use the built-in zlib with MySQL 4.1.10, the version used is zlib
1.2.1. This version of zlib is known to contain a security hole. It is mentioned on the
zlib home page:
http://www.gzip.org/zlib/
with a pointer to the US CERT Vulnerability Note VU#238678:
http://www.kb.cert.org/vuls/id/238678
"Vulnerability Note VU#238678
The zlib compression library is vulnerable to a denial-of-service condition
Overview
Un-handled error conditions in the zlib compression library may allow an attacker to
cause a denial-of-service condition.
I. Description
There is a vulnerability in the error handling mechanisms of the decompression functions
in the zlib compression library. The decompression functions inflate() and inflateBack()
fail to handle certain error conditions properly. If an un-handled error condition is
raised, the application linked to zlib may abruptly and abnormally terminate. This
vulnerability may be exploited locally or remotely depending on the application being
attacked.
This issue exists in zlib versions 1.2.0.x and 1.2.x, other versions are not vulnerable.
II. Impact
A malicious user may be able to intentionally raise an un-handled error condition by
supplying the vulnerable functions with specially crafted compressed data. As a result,
applications linked to the zlib library may abruptly and abnormally terminate resulting
in a denial-of-service condition.
III. Solution
Check with Vendor
Users who suspect they are vulnerable are encouraged to check with their vendor to
determine the appropriate action to take. Please see the list of vendors we have notified
below.
Upgrade zlib
zlib 1.2.2 remedies this vulnerability. It is available at: http://www.zlib.net"
How to repeat:
Look at zlib/zlib.h:
solaris7 [.../MySQL/mysql-4.1.10/zlib] # grep "#define ZLIB_VERSION" zlib.h
#define ZLIB_VERSION "1.2.1"
Suggested fix:
Upgrade the version of the included zlib to zlib 1.2.2, as per the zlib site's
suggestion.
