Hi everybody,
I'm sure some of you have heard about the zlib double free vulnerability published yesterday (Slashdot, News.com, SecurityFocus, ...).
While being quite familiar with the security issues discussed on bugtraq and other sources I still ask myself whether this possible vulnerability affects a LAMP server, leaving the system open for attacks from outside using http(s).
I'm not concerned about attacks from inside because I'm the only user on the system. Other attacks seem unlikely as well because only http and https are tunneled through the firewall.
The system is Linux 2.2, PHP 4.0.6 --with-zlib, MySQL 2.23 and Apache 1.3.20.
Can anybody here speculate or even prove whether there is/isn't a possible vulnerability? My guess is that this is not the case because zlib is only used for "output" but it does not accept "input" through the webpages. Though it might happen that an invalid zlib compressed picture (or similar) might crash apache I believe it to be unlikely to grant access to the system. Opinions?
Thanks in advance,
Dominique
