Debian Security Advisory
gzip -- gzexe allows running arbitrary programs
- Date Reported:
- 14 May 1998
- Affected Packages:
- gzip
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
- We were told by Michal Zalewski that gzexe, as shipped with gzip, uses an insecure method of decompressing executables on the fly, opening a way to call arbitrary programs.
- Fixed in:
- Intel - (in release 1.3) 1.2.4-26.1
- All - (in release 2.0) 1.2.4-27