Some versions of ncompress contain a buffer-overflow vulnerability.
Versions 4.2.4 and earlier of ncompress do not properly handle filenames longer than 1023 characters.
By supplying long filenames to ncompress, an attacker may be able to gain local access to the server or force ncompress to execute arbitrary code.
Obtain a patch from your vendor.
Remove ncompress or remove execute permissions.
Thanks to Pavel Kankovsky for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
|Date First Published:||2002-08-01|
|Date Last Updated:||2002-08-10 19:45 UTC|