November 30, 1999

NetBSD: gzip Buffer overflow vulnerability

Author: JT Smith

Posted on LinuxSecurity.com: "/usr/bin/gzip, a file compression program, does not properly check
supplied filenames against its buffer size. It could lead to
execution of arbitrary code under the privilege with which gzip is
running.

There are ftp daemon programs that invoke gzip on demand (like wu-ftpd).
If your systems run these daemons, depending on the configuration it could
lead to a remote root compromise."
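The class of bug the advisory describes, as an added C example that is not code from gzip, NetBSD or the advisory: a caller-supplied filename copied into a fixed-size buffer without a length test, next to a form that rejects names that do not fit. The function names, the 1024-byte buffer and the ".gz" suffix handling are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 1024      /* assumed size for this example, not gzip's */
#define SUFFIX   ".gz"

/* Unchecked pattern: the name is copied into a fixed buffer with no
 * length test, so a long name writes past the end of dst. Shown for
 * contrast only; it is never called in this example. */
void build_name_unchecked(char *dst, const char *name)
{
    strcpy(dst, name);
    strcat(dst, SUFFIX);
}

/* Checked form: refuse any name that, with the suffix and the NUL
 * terminator, does not fit in dst. Returns 0 on success, -1 on
 * rejection; on rejection dst is left as an empty string. */
int build_name_checked(char *dst, size_t dstsz, const char *name)
{
    size_t nlen, slen = strlen(SUFFIX);
    if (dst == NULL || dstsz == 0 || name == NULL)
        return -1;
    dst[0] = '\0';
    nlen = strlen(name);
    /* Subtract from dstsz instead of adding to nlen, so the
     * comparison itself cannot wrap around. */
    if (dstsz <= slen || nlen > dstsz - slen - 1)
        return -1;
    memcpy(dst, name, nlen);
    memcpy(dst + nlen, SUFFIX, slen + 1);   /* includes the NUL */
    return 0;
}

/* Constructed input: a name of `len` 'a' characters, tried against
 * a NAME_BUF-sized output buffer. */
int try_name_of_length(size_t len)
{
    static char name[4 * NAME_BUF];
    char out[NAME_BUF];
    if (len >= sizeof(name))
        return -1;
    memset(name, 'a', len);
    name[len] = '\0';
    return build_name_checked(out, sizeof(out), name);
}

int main(void)
{
    printf("1020 -> %d, 1021 -> %d\n", try_name_of_length(1020), try_name_of_length(1021));
    return 0;
}
```

Rejecting the over-long name outright, rather than truncating it, keeps the program from silently operating on a different file than the one requested.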

Category:

  • Security