On Wed, 21 Nov 2001, Guillaume Morin wrote:

>In a message of 20 Nov at 23:33, Anders Gjære wrote:
>>
>> in gzip.c
>>
>> the line:
>> strcpy(nbuf,dir);
>>
>> should maybe be replaced with:
>> strncpy(nbuf, dir,sizeof(nbuf));
>
>gzip runs with user privileges, therefore this is not a security
>problem.
>

gzip is in vuln-dev for a buffer overflow in the argv handler. Debian is apparently invulnerable, but it's a good thing to do everything we can to figure out more bugs in the flavor-of-the-month exploit target before the black hats do.

-- 
I can be immature if I want to, because I'm mature enough to make my own decisions.

Who is John Galt? [EMAIL PROTECTED]
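The two calls discussed in the thread, next to a bounded copy that always terminates and reports truncation, as an added example that is not part of the original message and is not gzip's code. `NBUF_SIZE`, `strncpy_is_terminated` and `copy_name` are hypothetical names, the buffer size is an assumed value, and the path strings are constructed inputs.

```c
#include <stdio.h>
#include <string.h>

#define NBUF_SIZE 16  /* assumed size for illustration, not gzip's real value */

/* The replacement proposed in the thread: the write is bounded, but dst gets
 * no terminating NUL whenever strlen(src) >= dstsz. Returns 1 if dst holds a
 * NUL within its dstsz bytes after the copy, 0 otherwise. */
int strncpy_is_terminated(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);
    return memchr(dst, '\0', dstsz) != NULL;
}

/* Bounded copy that never leaves dst unterminated and tells the caller when
 * the name did not fit, so an over-long path is rejected instead of cut.
 * Returns 0 on success, -1 on truncation (dst is then the empty string). */
int copy_name(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dstsz == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);  /* len + 1 copies the terminating NUL too */
    return 0;
}

int main(void)
{
    char nbuf[NBUF_SIZE];
    const char *long_dir = "/tmp/aaaaaaaaaaaaaaaaaaaa";  /* constructed, 25 chars */

    printf("strncpy terminated: %d\n", strncpy_is_terminated(nbuf, sizeof nbuf, long_dir));
    printf("copy_name (long):   %d\n", copy_name(nbuf, sizeof nbuf, long_dir));
    printf("copy_name (short):  %d\n", copy_name(nbuf, sizeof nbuf, "/tmp/data"));
    return 0;
}
```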