Vulnerability Development
mailing list archives
Re: New bugs discovered!
From: "Alex Butcher (vuln-dev)" <vulndev () cocoa demon co uk>
Date: Mon, 19 Nov 2001 09:29:37 +0000 (GMT)
On Sun, 18 Nov 2001, Nate Amsden wrote:
[ Executive summary: this is a problem that appears to be specific
to Linux distributions using obsolete versions of gzip, including
Slackware 7.1 and 8.0. Other problems *may* lurk in gzip, other
distros and therefore packages (including FTP servers) which make
use of gzip. ]
same here .. but gzip 1.2.4 :
[snip]
same results on debian 2.2r3(potato)
so not all "obsolete" versions of gzip are affected..
Yeah, Debian, like Red Hat (probably others too), frequently include
patches culled from mailing lists, their own code audits and so on,
meaning the version isn't a completely reliable guide to determining the
vulnerability or not of a given instance. This issue has arisen in the
past; perhaps it's time that the folks at Debian and Red Hat started
indicating more clearly that they've patched with their version numbers
(add an 's' suffix for security issues, 'b' for bugfixes, 'f' for
functionality, 'c' for compilation issues...)
nate
Best Regards,
Alex.
--
Alex Butcher Brainbench MVP for Internet Security: www.brainbench.com
Berkshire, UK Is *your* company hiring UNIX/Security/Pen. testing folks?
PGP/GnuPG ID:0x271fd950 http://www.cocoa.demon.co.uk/cv/