> GOBBLES security is happy to announce the discovery of multiple bugs in > /bin/gzip, which can be exploited remotely with a bit of creativity. > Attached is our advisory on the matter. > > Enjoy the knowledge and remember to use it responsible. > > The GOBBLES Team > www.bugtraq.org Tested on Debian Potato: $ /bin/gzip --version gzip 1.2.4 (18 Aug 93) Compilation options: DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H ASMV $ /bin/gzip `perl -e 'print "A" x 2048'` AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [many 'A's snipped] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long
This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 08:30:15 PST