Two possible vulnerabilities?

From: Mohacsi Janos (mohacsi_at_niif.hu)
Date: 07/01/04

    Date: Thu, 1 Jul 2004 15:28:41 +0200 (CEST)
    To: freebsd-security@freebsd.org
    
    

    Dear all,
              Browsing through the SecurityFocus vulnerability database I found
    two items that might be interesting for the FreeBSD community:
    1. GNU GNATS Syslog() Format String Vulnerability
    http://www.securityfocus.com/bid/10609

    GNATS is a vital part of the PR handling of FreeBSD. I think security
    officers should contact developers of GNU GNATS about this issue to resolve
    the potential problem.

    2. gzip: Insecure creation of temporary files
    http://www.securityfocus.com/bid/10603
    In reality this affects only znew and gzexe, and only gzip versions prior
    to 1.3.3-r4

    I am not quite sure whether this vulnerability exists in the
    current gzip 1.2.4 that is used in FreeBSD. According to the gzip page:
    http://www.gzip.org - new official version will be posted soon....

    Are there any plans to go forward to gzip 1.3?

    Best Regards,

    Janos Mohacsi
    Network Engineer, Research Associate
    NIIF/HUNGARNET, HUNGARY
    Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98