Vulnerability Development mailing list archives
Re: New bugs discovered!
From: The Itch <itchie () bse die ms>
Date: Mon, 19 Nov 2001 18:06:52 +0100 (CET)
ah, yes and so are /usr/bin/compress, /usr/bin/uncompress and /bin/zcat and /bin/gunzip vulnerable to simple buffer overflows.

(Compress version: (N)compress 4.2.4, compiled: Mon Feb 7 16:15:44 EST 2000)
(zcat 1.2.4 (18 Aug 93))

This is on Red Hat 6.2.

uncompress and compress are called by wuftpd (maybe other ftpd's too) to compress and uncompress files on the fly.

I quickly looked into it a few months ago. I am not sure, but I believe the maximum input you can give is 1024 bytes in wuftpd, thus not enough to overflow the buffers of either of those programs.

(more detailed info: http://bse.die.ms/~itchie/stuff/advisories/advbse01.txt)

On Sun, 18 Nov 2001, vuln-dev wrote:
> GOBBLES security is happy to announce the discovery of multiple bugs in
> /bin/gzip, which can be exploited remotely with a bit of creativity.
> Attached is our advisory on the matter. Enjoy the knowledge and remember
> to use it responsibly.
>
> The GOBBLES Team
> www.bugtraq.org
--
- The Itch
http://bse.die.ms