Linux Security Flaw Found
Application, OS vendors prepare patches to plug hole that leaves many Linux programs vulnerable to intrusion.
A buffer overflow in a library common to all Linux systems could cause a serious security hole that would let those systems be remotely attacked and taken over, according to a security alert issued by Linux security firm Guardian Digital.
The flaw is in a system library called zlib, used for file decompression in the Linux kernel--so it affects all Linux distributions. Zlib also appears in the GNU Compiler Collection, the Mozilla Web browser, and the X11 windowing system, which provides Linux with a GUI, according to the alert from the Upper Saddle River, New Jersey-based firm.
There are no known exploits for this vulnerability, according to Guardian Digital. No one has reported an intruder breaking into a Linux system through this flaw. However, its security alert refers Linux users to the vendors of their distribution of the operating system for patches or fixes.
An update, zlib 1.1.4, that addresses the vulnerability has already been released by Zlib.org, the Web site where the zlib maintainers post information and updates. The writers urge that any software linking against or derived from an earlier version of zlib should be updated.
Patches Appear
Linux vendor SuSE has already revised its implementation of zlib for use with its products. It recommends applying the patch to versions 6.4, 7.0, 7.1, 7.2, and 7.3 of its distribution, as well as the SuSE Linux Database Server, eMail Server III, Firewall, Linux Connectivity Server, and Linux Enterprise Server 7.
Other vendors of Linux distributions are expected to take advantage of the zlib update and release patches for their applications soon.
A buffer overflow occurs when the working memory assigned to a program or task is deliberately overfilled. A cleverly crafted overflow can cause malicious code to be executed. In this case, programs that use the zlib component for network compression are vulnerable to attack due to the flaw, Guardian Digital said.
In fact, many programs do link to zlib, making the hole potentially quite serious, the alert said. Because of this, many different software packages will have to be updated or patched to fix the vulnerability, according to Guardian Digital.
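Because software that statically links zlib or carries a derived copy is not fixed by updating the shared library, the following added example (not part of the original article or of Guardian Digital's alert) scans files for the version marker strings zlib's sources embed in compiled code and flags anything older than 1.1.4. The function names and sample byte strings are this example's own.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 1, 4)  # release the article names as addressing the flaw

# zlib's deflate.c and inftrees.c embed strings such as
# " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly ", which survive
# static linking and bundled source copies.
MARKER = re.compile(rb"(?:deflate|inflate) (\d+(?:\.\d+){1,3})\S* Copyright")


def embedded_zlib_versions(data):
    """Return the set of zlib versions (as int tuples) whose marker is in data."""
    return {tuple(int(p) for p in m.group(1).split(b"."))
            for m in MARKER.finditer(data)}


def needs_update(data):
    """True if data carries zlib code older than the fixed release."""
    return any(v < FIXED for v in embedded_zlib_versions(data))


def scan(paths):
    """Yield (path, old_versions) for each readable file embedding old zlib."""
    for path in paths:
        try:
            data = Path(path).read_bytes()
        except OSError:
            continue  # unreadable file or directory: skip it
        old = sorted(v for v in embedded_zlib_versions(data) if v < FIXED)
        if old:
            yield path, old


# Constructed sample inputs (not real binaries).
SAMPLE_OLD = (b"\x7fELF\x00 deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \x00"
              b" inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00")
SAMPLE_FIXED = b"\x7fELF\x00 deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly \x00"

if __name__ == "__main__":
    for path, versions in scan(sys.argv[1:]):
        found = ", ".join(".".join(map(str, v)) for v in versions)
        print(f"{path}: embedded zlib {found} (older than 1.1.4)")
```

Programs that load zlib dynamically will not match, since the marker lives in the shared library file itself. A vendor-patched library may also keep its old version string, so treat a match as a prompt to check the vendor's advisory.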
Familiar Challenge
Competing OS developer Microsoft has also had to deal with potential vulnerabilities from buffer overflow problems recently. No exploits were reported for those holes, either. However, in December Microsoft issued a security bulletin and what it called "critical patches" for several versions of Windows because of flaws that left a Windows PC vulnerable to hackers when it was connected to the Internet.
Microsoft patched a similar hole in its Windows Media Player last November. A buffer-overflow vulnerability could let malicious attackers run programs on a victim's system, Microsoft said at the time.