[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: buffer overflow in /bin/gzip?

On Wed, 21 Nov 2001, Guillaume Morin wrote:

>Dans un message du 20 nov à 23:33, Anders Gjære écrivait :
>> in gzip.c
>> the line:
>> 	strcpy(nbuf,dir);
>> should maybe be replaced with:
>> 	strncpy(nbuf, dir,sizeof(nbuf));
>gzip runs with user privileges, therefore this is not a security

gzip is in vuln-dev for a buffer overflow in the argv handler.  Debian is 
apparently invulnerable, but it's a good thing to do everything we can to 
figure out more bugs in the flavor-of-the-month exploit target before the 
black hats do.  

I can be immature if I want to, because I'm mature enough to make my own 

Who is John Galt?  galt@inconnu.isu.edu

Reply to: