Re: New bugs discovered!

["Naseer Bhatti" <naseer () fibre net pk>]

It seems to be mostly vulnerable on all gzip versions,

[naseer@www naseer]$ cat /etc/redhat-release
Verio Enterprise Linux, based on Redhat Linux 6.x & 7.x

[naseer@www naseer]$ /bin/gzip `perl -e 'print "A" x 2048'`
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [...]
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long
Segmentation fault (core dumped)

Still seems to be dangerous ..


----- Original Message -----
From: "Yaroslav Klyukin" <skintwin () softhome net>
To: <GOBBLES () hushmail com>
Cc: <vuln-dev () securityfocus com>
Sent: Sunday, November 18, 2001 11:04 PM
Subject: Re: New bugs discovered!


> vuln-dev писал(а):
>
> > GOBBLES security is happy to announce the discovery of multiple bugs in
> > /bin/gzip, which can be exploited remotely with a bit of creativity.
> > Attached is our advisory on the matter.
>
> Hey, I have tried
>
> /bin/gzip `perl -e 'print "A" x 2048'`
>
> On Linux and FreeBSD
> It didn't work.
>
> > Enjoy the knowledge and remember to use it responsible.
> >
> > The GOBBLES Team
> > www.bugtraq.org
  ------------------------------------------------------------------------
> >                         Name: gzip-advisory.txt
> >    gzip-advisory.txt    Type: Plain Text (text/plain)
> >                     Encoding: 7bit