Re: New bugs discovered!

From: Naseer Bhatti (naseer@fibre.net.pk)
Date: 11/19/01


Message-ID: <009401c1711e$043934a0$e73487cb@j9h6c3>
From: "Naseer Bhatti" <naseer@fibre.net.pk>
To: "Yaroslav Klyukin" <skintwin@softhome.net>, <GOBBLES@hushmail.com>
Subject: Re: New bugs discovered!
Date: Mon, 19 Nov 2001 22:16:56 +0500

It seems to be mostly vulnerable on all gzip versions,

[naseer@www naseer]$ cat /etc/redhat-release
Verio Enterprise Linux, based on Redhat Linux 6.x & 7.x

[naseer@www naseer]$ /bin/gzip `perl -e 'print "A" x 2048'`
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [...]
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long
Segmentation fault (core dumped)

Still seems to be dangerous ..

----- Original Message -----
From: "Yaroslav Klyukin" <skintwin@softhome.net>
To: <GOBBLES@hushmail.com>
Cc: <vuln-dev@securityfocus.com>
Sent: Sunday, November 18, 2001 11:04 PM
Subject: Re: New bugs discovered!

> vuln-dev ΠΙΣΑΜ(Α):
>
> > GOBBLES security is happy to announce the discovery of multiple bugs in
> > /bin/gzip, which can be exploited remotely with a bit of creativity.
> > Attached is our advisory on the matter.
>
> Hey, I have tried
>
> /bin/gzip `perl -e 'print "A" x 2048'`
>
> On Linux and FreeBSD
> It didn't work.
>
> >
> >
> > Enjoy the knowledge and remember to use it responsible.
> >
> > The GOBBLES Team
> > www.bugtraq.org
> >
>
  ------------------------------------------------------------------------
> > Name: gzip-advisory.txt
> > gzip-advisory.txt Type: Plain Text (text/plain)
> > Encoding: 7bit
>
>



Relevant Pages