On Sun, 18 Nov 2001, Yaroslav Klyukin wrote:

; vuln-dev ?????(?):
;
; > GOBBLES security is happy to announce the discovery of multiple bugs in
; > /bin/gzip, which can be exploited remotely with a bit of creativity.
; > Attached is our advisory on the matter.
;
; Hey, I have tried
;
; /bin/gzip `perl -e 'print "A" x 2048'`
;
; On Linux and FreeBSD
; It didn't work.

I have tested it on Debian 2.2:

[15:20](shf@equinox shf)$ gzip -V
gzip 1.2.4 (18 Aug 93)
Compilation options:
DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H ASMV
[15:20](shf@equinox shf)$ gzip `perl -e "print 'A'x2048"`
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
.
.
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long
[15:21](shf@equinox shf)$

No segfault...

Also tested it on Slackware 8.0:

$ gzip -V
gzip 1.2.4 (18 Aug 93)
Compilation options:
DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H ASMV
$ gzip `perl -e "print 'A'x2048"`
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
.
.
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long
Segmentation fault
$

shf
--
............... Robert Jaroszuk - <shfat_private> ...............
GCS/O d? s: a--- C+++ UL++++$ P+ L+++>++++ E- W- N+ !K w--- O- M- V-
PS+ PE Y(+) PGP-(+) t-- X- R tv-- b++>++++ DI+ D h(!) !r
... The most excellent warrior wins without a fight. (Sun Tzu). ...

This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 09:32:55 PST