• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NCompress Long Filename Buffer Overflow Vulnerability

It is reported that ncompress is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied data prior to copying it into a fixed-size memory buffer.

While this vulnerability isn't inherently dangerous from the command line, as the executable is not setuid, it could allow attackers with access to remote applications that utilize ncompress, to execute arbitrary code on the targeted server.

Versions 4.2.4 and earlier of ncompress are reportedly vulnerable to this issue.