Vulnerability Development mailing list archives
Re: New bugs discovered!
From: "Nate Amsden" <subscriptions () graphon com>
Date: Sun, 18 Nov 2001 22:32:27 -0800 (PST)
[ Executive summary: this is a problem that appears to be specific to Linux distributions using obsolete versions of gzip, including Slackware 7.1 and 8.0. Other problems *may* lurk in gzip, other distros and therefore packages (including FTP servers) which make use of gzip. ]
same here .. but gzip 1.2.4 : aphro@shadow:~$ gzip -V gzip 1.2.4 (18 Aug 93) aphro@shadow:~$ /bin/gzip `perl -e 'print "A" x 2048'` AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA! AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA! AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long debian 3.0 (woody) same results on debian 2.2r3(potato) so not all "obsolete" versions of gzip are affected.. only thing in the changelog i notice that may affect this behavior is this: -- Bdale Garbee <bdale () gag com> Thu, 4 Sep 1997 22:46:28 -0600 gzip (1.2.4-15) stable frozen unstable; urgency=low * fix minor security issue - race condition reported on bugtraq list * rework debian/rules to build with debugging then strip (note the date - 1997 ) i even bumped up the number of As from 2048 to 130000 and still no segfault. nate -- Nate Amsden System Administrator GraphOn (Sent using Squirrelmail! 1.2.0rc2)
Current thread:
- New bugs discovered! vuln-dev (Nov 18)
- Re: New bugs discovered! Alex Butcher (vuln-dev) (Nov 18)
- Re: New bugs discovered! Nate Amsden (Nov 19)
- Re: New bugs discovered! Alex Butcher (vuln-dev) (Nov 19)
- Re: New bugs discovered! Roger Burton West (Nov 19)
- Re: New bugs discovered! Fabio Roccatagliata (Nov 19)
- Re: New bugs discovered! Respect (Nov 19)
- Re: New bugs discovered! Nate Amsden (Nov 19)
- Re: New bugs discovered! Alex Butcher (vuln-dev) (Nov 18)
- Re: New bugs discovered! Yaroslav Klyukin (Nov 18)
- Re: New bugs discovered! Crist J. Clark (Nov 19)
- Re: New bugs discovered! Robert Jaroszuk (Nov 19)
- Re: New bugs discovered! Naseer Bhatti (Nov 19)
- Re: New bugs discovered! Larry W. Cashdollar (Nov 18)
- Re: New bugs discovered! Syzop (Nov 19)