Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Pavel Kankovsky (peakargo.troja.mff.cuni.cz)
Date: Fri Jun 29 2001 - 03:23:38 CDT
There is a trivial stack buffer overflow in ncompress 4.2.4 and presumably
most older versions (but I doubt anyone is using them). Give it a filename
longer than 1023 chars and see both compress and uncompress go down in
flames (this one is pretty easy to spot, just look at the beginning of
comprexx(); if you want a patch, you can find it in ). Red Hat, up to
the most recent Raw Hide is affected. Debian is safe, because it does not
include the package (probably due to the stupid LZW patent).
There used to be a similar problem in gzip (unpatched 1.2.4) but the
overflow happened in BSS rather than on the stack (). As far as I can
tell, version 1.3 included in RH 7.0+ and its clones, has this bug fixed
but older version (like the still supported 6.2) are affected. Debian is
still using 1.2.4 but they patched it a long time ago.
Bzip2 is probably as bad as its two friends .
Perfectionism dictating no program should ever crash aside, this is also
a security risk when these programs get there filename from an untrusted
party. One particularly attractive opportunity is a "smart" FTP server
that can run them upon the client's request , e.g. wu-ftpd, together
with an ability to upload files. As far as I know, no one has published an
exploit yet--there are many technical obstacles (e.g. wu-ftpd limits the
size of every command to 1/2 kB or something like that), but I think I am
quite close to putting all pieces together. This is bad news for anyone
providing FTP-only accounts, and we have not discussed other ways to
exploit those bugs yet.
Conclusion: If you neglect to fix old bugs for a long time (perhaps
because they look irrelevant), they will come back and bite you.
 Date: Sat, 15 Apr 2000 23:39:01 +0100
From: Antonomasia <antnotatla.demon.co.uk>
Subject: Re: ncompress-4.2.4 race condition
 Date: Thu, 25 Dec 1997 15:20:40 +0100
From: "Michal Zalewski" <lcamtufPOLBOX.COM>
Subject: Gzip & segmentation faults
 Date: Mon, 22 Jun 1998 16:14:03 -0700 (PDT)
From: Zach Brown <zabzabbo.net>
Subject: a quick peek at bzip2
 Date: Sat, 20 Jun 1998 21:48:47 +0100 (BST)
From: Chris Evans <chrisferret.lmh.ox.ac.uk>
Subject: ~ftp/bin integrity?
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."