SkipNavigation
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric



 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#176363

ncompress vulnerable to buffer overflow via long filename

Overview

Some versions of ncompress contain a buffer-overflow vulnerability.

I. Description

Versions 4.2.4 and earlier of ncompress do not properly handle filenames longer than 1023 characters.

II. Impact

By supplying long filenames to ncompress, an attacker may be able to gain local access to the server or force ncompress to execute arbitrary code.

III. Solution

Obtain a patch from your vendor.

Remove ncompress or remove execute permissions.

Systems Affected

VendorStatusDate NotifiedDate Updated
DebianUnknown31-Jul-2002
Hewlett-Packard CompanyUnknown31-Jul-2002
IBM-zSeriesUnknown31-Jul-2002
MandrakeSoftUnknown31-Jul-2002
SequentUnknown31-Jul-2002

References


http://security-archive.merton.ox.ac.uk/security-audit-200106/0008.html

Credit

Thanks to Pavel Kankovsky for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

Date Public:2001-11-20
Date First Published:2002-07-31
Date Last Updated:2002-08-10
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:0.92
Document Revision:10

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2002 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader