Vulnerability Development mailing list archives

Re: New bugs discovered!


From: Robert Jaroszuk <shf () nsm pl>
Date: Mon, 19 Nov 2001 15:28:09 +0100

On Sun, 18 Nov 2001, Yaroslav Klyukin wrote:

; vuln-dev ?????(?):
; 
; > GOBBLES security is happy to announce the discovery of multiple bugs in
; > /bin/gzip, which can be exploited remotely with a bit of creativity.
; > Attached is our advisory on the matter.
; 
; Hey, I have tried
; 
; /bin/gzip `perl -e 'print "A" x 2048'`
; 
; On Linux and FreeBSD
; It didn't work.

I have tested it on Debian 2.2:
[15:20](shf@equinox shf)$ gzip -V
gzip 1.2.4 (18 Aug 93)
Compilation options:
DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H ASMV
[15:20](shf@equinox shf)$ gzip `perl -e "print 'A'x2048"`
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
.
.
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long
[15:21](shf@equinox shf)$

No segfault...

Also tested it on Slackware 8.0:
$ gzip -V
gzip 1.2.4 (18 Aug 93)
Compilation options:
DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H ASMV
$ gzip `perl -e "print 'A'x2048"`
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
.
.
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long
Segmentation fault
$


   shf

--
............... Robert Jaroszuk - <shf () nsm pl> ...............
GCS/O d? s: a--- C+++ UL++++$ P+ L+++>++++ E- W- N+ !K w--- O- 
M- V- PS+ PE Y(+) PGP-(+) t-- X- R tv-- b++>++++ DI+ D h(!) !r 
... The most excellent warrior wins without fighting. (Sun Tzu). ...
