It seems to be mostly vulnerable on all gzip versions,

[naseer@www naseer]$ cat /etc/redhat-release
Verio Enterprise Linux, based on Redhat Linux 6.x & 7.x
[naseer@www naseer]$ /bin/gzip `perl -e 'print "A" x 2048'`
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[...]
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long
Segmentation fault (core dumped)

Still seems to be dangerous ..

----- Original Message -----
From: "Yaroslav Klyukin" <skintwinat_private>
To: <GOBBLESat_private>
Cc: <vuln-devat_private>
Sent: Sunday, November 18, 2001 11:04 PM
Subject: Re: New bugs discovered!

> vuln-dev wrote:
>
> > GOBBLES security is happy to announce the discovery of multiple bugs in
> > /bin/gzip, which can be exploited remotely with a bit of creativity.
> > Attached is our advisory on the matter.
>
> Hey, I have tried
>
> /bin/gzip `perl -e 'print "A" x 2048'`
>
> On Linux and FreeBSD
> It didn't work.
>
> >
> > Enjoy the knowledge and remember to use it responsible.
> >
> > The GOBBLES Team
> > www.bugtraq.org
> >
> > ------------------------------------------------------------------------
> > Name: gzip-advisory.txt
> > gzip-advisory.txt Type: Plain Text (text/plain)
> > Encoding: 7bit

This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 13:05:33 PST