Author: JT Smith
Posted on LinuxSecurity.com: “/usr/bin/gzip, a file compression program, does not properly check
supplied filenames against its buffer size. It could lead to
execution of arbitrary code under the privilege with which gzip is
running.
supplied filenames against its buffer size. It could lead to
execution of arbitrary code under the privilege with which gzip is
running.
There are ftp daemon programs that invoke gzip on demand (like wu-ftpd).
If your systems run these daemons, depending on the configuration it could
lead to a remote root compromise.”
Category:
- Security
