Two possible vulnerabilities?
Mohacsi Janos
mohacsi at niif.hu
Thu Jul 1 06:29:31 PDT 2004
Dear all,
Browsing through the securityfocus vulnerability database I found
two items, that might interesting for the FreeBSD community:
1. GNU GNATS Syslog() Format String Vulnerability
http://www.securityfocus.com/bid/10609
GNATS is vital part of the PR handling of FreeBSD. I think security
officers should contact developers of GNU GNATS about this issue to resolve
the potential problem.
2. gzip: Insecure creation of temporary files
http://www.securityfocus.com/bid/10603
In reality this affects only znew and gzexe only gzip version prior
1.3.3-r4
I am not quite sure about the whether this vulnerability exist in the
current gzip 1.2.4, that is used in FreeBSD. According to the gzip page:
http://www.gzip.org - new official version will be posted soon....
Are there any plan to go forward gzip 1.3 ?
Best Regards,
Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98
More information about the freebsd-security
mailing list