Vulnerability Development mailing list archives

Re: New bugs discovered!

From: Caiaphas Pechorin <caiaphas () operamail com>
Date: Mon, 19 Nov 2001 13:00:57 +0545 (NPT)

GOBBLES security is happy to announce the discovery of multiple bugs in
/bin/gzip, which can be exploited remotely with a bit of creativity.
Attached is our advisory on the matter.

Enjoy the knowledge and remember to use it responsible.

The GOBBLES Team
www.bugtraq.org


Tested on Debian Potato:

$ /bin/gzip --version
gzip 1.2.4 (18 Aug 93)
Compilation options:
DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H ASMV

$ /bin/gzip `perl -e 'print "A" x 2048'`
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[many 'A's snipped]
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long

Current thread:

Re: New bugs discovered!, (continued)
- - Re: New bugs discovered! Naseer Bhatti (Nov 19)
- Re: New bugs discovered! Larry W. Cashdollar (Nov 18)
  - Re: New bugs discovered! Syzop (Nov 19)
  - Re[2]: New bugs discovered! Mariusz Mazur (Nov 19)
- Re: New bugs discovered! Chris D. Sloan (Nov 18)
- Re: New bugs discovered! c0n (Nov 18)
  - Re: New bugs discovered ! Baba Bogdan (Nov 19)
  - Re: New bugs discovered! Brent Wrisley (Nov 19)
    - Re: New bugs discovered! Joep Vesseur (Nov 19)
  - Re: New bugs discovered! Ferdinand herve (Nov 19)
- Re: New bugs discovered! Caiaphas Pechorin (Nov 19)
  - Re: New bugs discovered! Cabezon Aurélien (Nov 19)
- Re: New bugs discovered! Bernhard Rosenkraenzer (Nov 19)
  - Re: New bugs discovered! Baba Bogdan (Nov 19)
    - Re: New bugs discovered! Ciprian Csordas (Nov 19)
  - Re: New bugs discovered! Chris Ess (Nov 19)
    - Re: New bugs discovered! Bernhard Rosenkraenzer (Nov 19)
    - Re: New bugs discovered! Valdis . Kletnieks (Nov 19)
- Re: New bugs discovered! InterceptiX Security (Nov 19)
  - Re: New bugs discovered! Ron DuFresne (Nov 19)
- Re: New bugs discovered! Meritt James (Nov 19)

(Thread continues...)