Vulnerability Note VU#176363
ncompress vulnerable to buffer overflow via long filename
Some versions of ncompress contain a buffer-overflow vulnerability.
Versions 4.2.4 and earlier of ncompress do not properly handle filenames longer than 1023 characters.
By supplying long filenames to ncompress, an attacker may be able to gain local access to the server or force ncompress to execute arbitrary code.
Obtain a patch from your vendor.
Remove ncompress or remove execute permissions.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Debian||Unknown||29 Jan 2002||31 Jul 2002|
|Hewlett-Packard Company||Unknown||29 Jan 2002||31 Jul 2002|
|IBM-zSeries||Unknown||29 Jan 2002||31 Jul 2002|
|MandrakeSoft||Unknown||29 Jan 2002||31 Jul 2002|
|Sequent||Unknown||29 Jan 2002||31 Jul 2002|
CVSS Metrics (Learn More)
Thanks to Pavel Kankovsky for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
- CVE IDs: Unknown
- Date Public: 20 Nov 2001
- Date First Published: 31 Jul 2002
- Date Last Updated: 10 Aug 2002
- Severity Metric: 0.92
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.