Re: fix for CVE-2010-0001, gzip-1.4 to be released shortly

bug-gzip

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fix for CVE-2010-0001, gzip-1.4 to be released shortly

From:	Jim Meyering
Subject:	Re: fix for CVE-2010-0001, gzip-1.4 to be released shortly
Date:	Mon, 01 Feb 2010 09:54:02 +0100

Mike Frysinger wrote:
> On Wednesday 20 January 2010 11:01:31 Jim Meyering wrote:
>> Here's the patch for CVE-2010-0001,
>> along with a test to exercise the offending code.
>>
>> I expect to release gzip-1.4 within the next few hours.
>>
>> From a3db5806d012082b9e25cc36d09f19cd736a468f Mon Sep 17 00:00:00 2001
>> From: Jim Meyering <address@hidden>
>> Date: Sun, 10 Jan 2010 17:13:01 +0100
>> Subject: [PATCH 1/2] gzip -d: do not clobber stack for valid input on
>>  x86_64
>>
>> * unlzw.c (unlzw): Avoid integer overflow.
>> Aki Helin reported the segfault along with an input to trigger the bug.
>
> this code applies unchanged (not surprisingly) to the original lzw
> implementation.  but the redhat bug report says that the issue doesnt apply to
> the original ncompress (4.2.4) implementation ?

Hi Mike,

I'm glad you checked.  If the buggy code is there, too, then maybe there's
an easy way to trigger a similar failure.  I tested "compress" and saw no
failure, and so didn't go through it in the debugger like I did for gzip.

> not sure if you want to just keep the inner details off of public lists ...

Considering the relatively limited exposure via ncompress,
it seems like it'd be ok to talk about it in public.
But if you've found an exploit, you'll have to judge.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: fix for CVE-2010-0001, gzip-1.4 to be released shortly, Jim Meyering <=
- Re: fix for CVE-2010-0001, gzip-1.4 to be released shortly, Mike Frysinger, 2010/02/02

Next by Date: Re: [PATCH] Fix "znew -K" to work without use of compress utility
Next by thread: Re: fix for CVE-2010-0001, gzip-1.4 to be released shortly
Index(es):
- Date
- Thread