COMMAND
gzip buffer overflow may lead to root compromise

SYSTEMS AFFECTED
gzip 1.2.4

PROBLEM
In MandrakeSoft advisory MDKSA-2002:011 [http://www.mandrakesecure.net/en/advisories/]:

There are two problems with the gzip archiving program; the first is a crash when an input file name is over 1020 characters, and the second is a buffer overflow that could be exploited if gzip is run on a server such as an FTP server. The patch applied is from the gzip developers and the problems have been fixed in the latest beta.

SOLUTION
Get patch from: http://www.gzip.org/#patch

Diff below:

--- gzip-1.2.4/gzip.c Thu Aug 19 15:39:43 1993 +++ gzip-1.2.4b/gzip.c Tue Jan 8 21:44:18 2002 @@ -1005,7 +1005,14 @@ #ifdef NO_MULTIPLE_DOTS char *dot; /* pointer to ifname extension, or NULL */ #endif + int max_suffix_len = (z_len > 3 ? z_len : 3); + /* Leave enough room in ifname or ofname for suffix: */ + if (strlen(iname) >= sizeof(ifname) - max_suffix_len) { + strncpy(ifname, iname, sizeof(ifname) - 1); + /* last byte of ifname is already zero and never overwritten */ + error(\"file name too long\"); + } strcpy(ifname, iname); /* If input file exists, return OK. */
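
Review bot: The new length check only protects the unchanged strcpy(ifname, iname) that follows it if error() never returns, and nothing in this hunk shows that; if error() can return, the unbounded copy still runs on the over-long name. Put an explicit return after the error() call inside the if block, or bound the final copy as well, and say next to the check that error() exits. Also, max_suffix_len is an int subtracted from sizeof(ifname), so the bound is computed unsigned and would wrap if z_len ever exceeded the buffer size; a comment stating where z_len is capped would help. The new comment mentions ofname, but only sizeof(ifname) is tested here.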