NetBSD: gzip Buffer overflow vulnerability


Author: JT Smith

“/usr/bin/gzip, a file compression program, does not properly check
supplied filenames against its buffer size. It could lead to
execution of arbitrary code under the privilege with which gzip is

There are ftp daemon programs that invoke gzip on demand (like wu-ftpd).
If your systems run these daemons, depending on the configuration it could
lead to a remote root compromise.”
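The class of bug the advisory describes, as an added C example that is not gzip's or NetBSD's code: an unchecked copy of a supplied filename into a fixed buffer, beside a version that rejects names that do not fit once the output suffix is appended. `NAME_BUF`, `SUFFIX` and both function names are assumptions made for illustration, and the long input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 1024   /* assumed buffer size, not taken from gzip */
#define SUFFIX   ".gz"  /* suffix appended to form the output name */

/* Unchecked pattern, shown for contrast and never called here: a name
 * longer than the destination writes past the end of the buffer. */
void copy_name_unchecked(char *dst, const char *name)
{
    strcpy(dst, name);
    strcat(dst, SUFFIX);
}

/* Checked version: returns 0 and fills dst only when name, suffix and
 * the terminating NUL all fit in dstlen bytes; returns -1 otherwise. */
int make_output_name(char *dst, size_t dstlen, const char *name)
{
    size_t nlen, slen = strlen(SUFFIX);
    if (dst == NULL || name == NULL || dstlen == 0)
        return -1;
    nlen = strlen(name);
    /* Compare by subtraction so the length check itself cannot wrap. */
    if (nlen >= dstlen || slen >= dstlen - nlen)
        return -1;
    memcpy(dst, name, nlen);
    memcpy(dst + nlen, SUFFIX, slen + 1);   /* copies the NUL as well */
    return 0;
}

int main(void)
{
    char out[NAME_BUF];
    char longname[NAME_BUF + 64];           /* constructed over-long input */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("short name: %d\n", make_output_name(out, sizeof out, "backup.tar"));
    printf("long name:  %d\n", make_output_name(out, sizeof out, longname));
    return 0;
}
```

A caller that receives -1 should refuse the file rather than truncate the name, since a truncated name can refer to a different file.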

