Category:   Application (File Transfer/Sharing)  >   Gzip
Vendors:   [Multiple Authors/Vendors]
(Debian Issues Fix) Gzip File Compression Utility Buffer Overflow Used By Many FTP Servers Allows Remote Users to Execute Arbitrary Code on the FTP Server
SecurityTracker Alert ID:  1003206
SecurityTracker URL:  http://securitytracker.com/id/1003206
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 13 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): gzip 1.2.4
Description:   A buffer overflow vulnerability was reported in the gzip file compression utility, used by many FTP servers to allow remote users to compress files for download. On those affected FTP servers, a remote user may execute arbitrary code.

A buffer overflow reportedly exists in /bin/gzip. A local user can supply a long file name (longer than the 1024-byte buffer) to trigger the overflow and cause arbitrary code to be executed with the privileges of the user or process calling /bin/gzip. If the caller is the local user themselves, no privilege boundary is crossed and there is no vulnerability. If the caller is an FTP server (or another type of server process) that invokes /bin/gzip on behalf of a remote user, then there may be a vulnerability.

It is reported that many FTP servers use /bin/gzip for file compression and, therefore, allow remote users to execute arbitrary code by invoking gzip on a long file name. The code will execute with the privileges of the FTP server.

The specific FTP servers that are affected were not reported.

[Editor's note: We have categorized this as "Application (File Transfer)" rather than "Application (Generic)" because the buffer overflow in the gzip application only creates a vulnerability when used by FTP (or other) server processes in response to a remote user's actions.]
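The alert's point is that the overflow only matters when some server process hands a remote user's file name to /bin/gzip unchecked. The following wrapper, added here as an illustration and not taken from the advisory or from any FTP server, shows the check such a process should make before spawning gzip: the name is refused if it is empty, if it is as long as or longer than the 1024-byte buffer named above, or if it would be parsed by gzip as an option. The limit GZIP_NAME_MAX and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example (not part of the advisory): guard a gzip invocation made on
# behalf of an untrusted caller. The limit mirrors the 1024-byte buffer the
# alert describes; any name that would fill or exceed it is rejected before
# /bin/gzip is started.

GZIP_NAME_MAX=1023   # strictly below the 1024-byte buffer (assumed limit)

# gzip_name_ok NAME -> returns 0 if NAME is safe to hand to gzip, 1 otherwise.
# Note: ${#name} counts characters; in a multibyte locale a name can be
# longer in bytes than in characters, so run this check in the C locale.
gzip_name_ok() {
    name=$1
    [ -n "$name" ] || return 1                        # empty name
    [ "${#name}" -le "$GZIP_NAME_MAX" ] || return 1   # too long for the buffer
    case $name in
        -*) return 1 ;;                               # would be read as an option
    esac
    return 0
}

# gzip_guarded NAME -> compresses NAME only after gzip_name_ok accepts it.
# "--" ends option parsing so the name is always treated as an operand.
gzip_guarded() {
    if gzip_name_ok "$1"; then
        gzip -- "$1"
    else
        echo "refusing to compress: unsafe file name" >&2
        return 1
    fi
}
```

A server that must compress user-named files would call gzip_guarded in place of a bare gzip, or apply the same length test in its own language before the fork/exec; the check belongs in the caller because gzip 1.2.4 itself does not make it.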

Impact:   A remote user may execute arbitrary code with the privileges of the process using gzip. If the process using gzip is a remote FTP server, then the remote user can execute arbitrary code on the FTP server with the privileges of the FTP server process.
Solution:   The vendor reports that the Debian version of gzip from the stable release does not segfault under the conditions described in the original alert. However, Debian has prepared a fix just to be safe.

Please make sure you are running an up-to-date version from stable/unstable/testing with at least version 1.2.4-33.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato

Source archives:
http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4-33.1.diff.gz
MD5 checksum: e5669c5bbb138dbf1c522337aab58fc8
http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4-33.1.dsc
MD5 checksum: 55f3382aebcf5e1b83b3e4004864f15c
http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4.orig.tar.gz
MD5 checksum: b94b3e07797e0cbf3622bb2fe5682f0b

Alpha architecture:

http://security.debian.org/dists/stable/updates/main/binary-alpha/gzip_1.2.4-33.1_alpha.deb
MD5 checksum: 725078383b4716acf7bcf1bb85f2ab7d

ARM architecture:

http://security.debian.org/dists/stable/updates/main/binary-arm/gzip_1.2.4-33.1_arm.deb
MD5 checksum: 4d949c3e3e770384fae6feed805fd08b

Intel ia32 architecture:

http://security.debian.org/dists/stable/updates/main/binary-i386/gzip_1.2.4-33.1_i386.deb
MD5 checksum: b61176ee1953b528e50268995e6c2505

Motorola 680x0 architecture:

http://security.debian.org/dists/stable/updates/main/binary-m68k/gzip_1.2.4-33.1_m68k.deb
MD5 checksum: 61fb17bebf8ee72a087b13df4800d8e7

PowerPC architecture:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/gzip_1.2.4-33.1_powerpc.deb
MD5 checksum: c59b537fed3dadc84d630b3033112781

Sun Sparc architecture:

http://security.debian.org/dists/stable/updates/main/binary-sparc/gzip_1.2.4-33.1_sparc.deb
MD5 checksum: d375736c6e46f185354b608ec11d5e0d


These files will probably be moved into the stable distribution on its next revision.
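The advisory publishes an MD5 checksum beside each package so that the file fetched with wget can be checked before dpkg -i installs it. The script below, added here as an example and not part of the advisory or of Debian's tooling, does exactly that: it computes the digest of the downloaded file and refuses to install on a mismatch. The function names are this example's own; the URL and checksum in the usage comment are the i386 values listed above.

```shell
#!/bin/sh
# Added example (not from the advisory): fetch a .deb, verify it against the
# MD5 checksum printed in the advisory, and install only on a match.
#
# Usage (values from the advisory's Intel ia32 entry):
#   fetch_verify_install \
#     http://security.debian.org/dists/stable/updates/main/binary-i386/gzip_1.2.4-33.1_i386.deb \
#     b61176ee1953b528e50268995e6c2505

# md5_of FILE -> prints the hex MD5 digest of FILE (md5sum, or openssl as fallback)
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# verify_md5 FILE EXPECTED -> returns 0 when FILE's digest equals EXPECTED, 1 otherwise
verify_md5() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 1
    actual=$(md5_of "$file") || return 1
    [ "$actual" = "$expected" ]
}

# fetch_verify_install URL EXPECTED -> wget URL, check it, then dpkg -i it;
# a file that fails the check is deleted and nothing is installed.
fetch_verify_install() {
    url=$1
    expected=$2
    file=$(basename "$url")
    wget -q "$url" || return 1
    if verify_md5 "$file" "$expected"; then
        dpkg -i "$file"
    else
        echo "checksum mismatch for $file, refusing to install" >&2
        rm -f "$file"
        return 1
    fi
}
```

The checksum must be taken from the signed advisory text, not from the same server the package came from; a mismatch means the download is corrupt or not the file Debian published, and the safe action is to stop rather than retry dpkg -i.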

Vendor URL:  www.debian.org/security/
Cause:   Boundary error
Underlying OS:   Linux (Debian)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 19 2001 Gzip File Compression Utility Buffer Overflow Used By Many FTP Servers Allows Remote Users to Execute Arbitrary Code on the FTP Server



 Source Message Contents

Date:  Sun, 13 Jan 2002 11:08:59 +0100 (CET)
Subject:  [SECURITY] [DSA 100-1] New gzip packages fix potential buffer overflow


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 100-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 13th, 2002  
- --------------------------------------------------------------------------

Package        : gzip
Vulnerability  : Potential buffer overflow
Problem-Type   : local
Debian-specific: no

GOBBLES found a buffer overflow in gzip that occurs when compressing
files with really long filenames.  Even though GOBBLES claims to have
developed an exploit to take advantage of this bug, it has been said
by others that this problem is not likely to be exploitable as other
security incidents.

Additionally, the Debian version of gzip from the stable release does
not segfault, and hence does not directly inherit this problem.
However, better be safe than sorry, so we have prepared an update for
you.

Please make sure you are running an up-to-date version from
stable/unstable/testing with at least version 1.2.4-33.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
- ------------------------------------

  Source archives:

    http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4-33.1.diff.gz
      MD5 checksum: e5669c5bbb138dbf1c522337aab58fc8
    http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4-33.1.dsc
      MD5 checksum: 55f3382aebcf5e1b83b3e4004864f15c
    http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4.orig.tar.gz
      MD5 checksum: b94b3e07797e0cbf3622bb2fe5682f0b

  Alpha architecture:

    http://security.debian.org/dists/stable/updates/main/binary-alpha/gzip_1.2.4-33.1_alpha.deb
      MD5 checksum: 725078383b4716acf7bcf1bb85f2ab7d

  ARM architecture:

    http://security.debian.org/dists/stable/updates/main/binary-arm/gzip_1.2.4-33.1_arm.deb
      MD5 checksum: 4d949c3e3e770384fae6feed805fd08b

  Intel ia32 architecture:

    http://security.debian.org/dists/stable/updates/main/binary-i386/gzip_1.2.4-33.1_i386.deb
      MD5 checksum: b61176ee1953b528e50268995e6c2505

  Motorola 680x0 architecture:

    http://security.debian.org/dists/stable/updates/main/binary-m68k/gzip_1.2.4-33.1_m68k.deb
      MD5 checksum: 61fb17bebf8ee72a087b13df4800d8e7

  PowerPC architecture:

    http://security.debian.org/dists/stable/updates/main/binary-powerpc/gzip_1.2.4-33.1_powerpc.deb
      MD5 checksum: c59b537fed3dadc84d630b3033112781

  Sun Sparc architecture:

    http://security.debian.org/dists/stable/updates/main/binary-sparc/gzip_1.2.4-33.1_sparc.deb
      MD5 checksum: d375736c6e46f185354b608ec11d5e0d


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8QVy6W5ql+IAeqTIRAqGRAJ9k5Ni7zBMuNM5lrI3rYUVJpajTlgCfVjC1
0+Q5M7veoM2Mr7/WhJIvo2I=
=ZFaW
-----END PGP SIGNATURE-----




 
 



Copyright 2014, SecurityGlobal.net LLC