Vulnerability Development mailing list archives
Re: New bugs discovered!
From: Robert Jaroszuk <shf () nsm pl>
Date: Mon, 19 Nov 2001 15:28:09 +0100
On Sun, 18 Nov 2001, Yaroslav Klyukin wrote: ; vuln-dev ?????(?): ; ; > GOBBLES security is happy to announce the discovery of multiple bugs in ; > /bin/gzip, which can be exploited remotely with a bit of creativity. ; > Attached is our advisory on the matter. ; ; Hey, I have tried ; ; /bin/gzip `perl -e 'print "A" x 2048'` ; ; On Linux and FreeBSD ; It didn't work. I have tested it on Debian 2.2: [15:20](shf@equinox shf)$ gzip -V gzip 1.2.4 (18 Aug 93) Compilation options: DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H ASMV [15:20](shf@equinox shf)$ gzip `perl -e "print 'A'x2048"` AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA . . AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long [15:21](shf@equinox shf)$ No segfault... Also tested it on Slackware 8.0: $ gzip -V gzip 1.2.4 (18 Aug 93) Compilation options: DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H ASMV $ gzip `perl -e "print 'A'x2048"` AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA . . AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long Segmentation fault $ shf -- ............... Robert Jaroszuk - <shf () nsm pl> ............... GCS/O d? s: a--- C+++ UL++++$ P+ L+++>++++ E- W- N+ !K w--- O- M- V- PS+ PE Y(+) PGP-(+) t-- X- R tv-- b++>++++ DI+ D h(!) !r ... Najznamienitszy wojownik wygrywa bez walki. (Sun Tzu). ...
Attachment:
_bin
Description:
Current thread:
- New bugs discovered! vuln-dev (Nov 18)
- Re: New bugs discovered! Alex Butcher (vuln-dev) (Nov 18)
- Re: New bugs discovered! Nate Amsden (Nov 19)
- Re: New bugs discovered! Alex Butcher (vuln-dev) (Nov 19)
- Re: New bugs discovered! Roger Burton West (Nov 19)
- Re: New bugs discovered! Fabio Roccatagliata (Nov 19)
- Re: New bugs discovered! Respect (Nov 19)
- Re: New bugs discovered! Nate Amsden (Nov 19)
- Re: New bugs discovered! Alex Butcher (vuln-dev) (Nov 18)
- Re: New bugs discovered! Yaroslav Klyukin (Nov 18)
- Re: New bugs discovered! Crist J. Clark (Nov 19)
- Re: New bugs discovered! Robert Jaroszuk (Nov 19)
- Re: New bugs discovered! Naseer Bhatti (Nov 19)
- Re: New bugs discovered! Larry W. Cashdollar (Nov 18)
- Re: New bugs discovered! Syzop (Nov 19)
- Re[2]: New bugs discovered! Mariusz Mazur (Nov 19)
- Re: New bugs discovered! Chris D. Sloan (Nov 18)
- Re: New bugs discovered! c0n (Nov 18)
- Re: New bugs discovered ! Baba Bogdan (Nov 19)
- Re: New bugs discovered! Brent Wrisley (Nov 19)
- Re: New bugs discovered! Joep Vesseur (Nov 19)
- Re: New bugs discovered! Ferdinand herve (Nov 19)