Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_1

Bugtraq archives for 1st quarter (Jan-Mar) 1998: Re: GZEXE - the big problem

Re: GZEXE - the big problem

Theo de Raadt (deraadtCVS.OPENBSD.ORG)
Sat, 31 Jan 1998 11:07:01 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: hurtta+zzozone.FMI.FI: "Re: KSR[T] Advisory #7: filter"
Previous message: d00msterUSA.NET: "AT&T crowds project"
In reply to: =?UNKNOWN-8BIT?Q?Micha=B3?= Zalewski: "GZEXE - the big problem"

> GZEXE, part of gzip package, is a small utility which allows
> 'transparent' compressio any kind of executables (just like pklite
> under ms-dos). Unfortunatelly, it may be extremally dangerous. Here's
> the shell script used to decompression:
>
> if /usr/bin/tail +$skip $0 | "/usr/bin"/gzip -cd > /tmp/gztmp$$; then...
> [...]                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> /tmp/gztmp$$ ${1+"$"}; res=3D$?
> ^^^^^^^^^^^^

This /tmp race was fixed in the OpenBSD back in August... looks like
OpenBSD 2.2 is not vulnerable.

Next message: hurtta+zzozone.FMI.FI: "Re: KSR[T] Advisory #7: filter"
Previous message: d00msterUSA.NET: "AT&T crowds project"
In reply to: =?UNKNOWN-8BIT?Q?Micha=B3?= Zalewski: "GZEXE - the big problem"