• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NCompress Long Filename Buffer Overflow Vulnerability

Solution:
Gentoo Linux has released advisory GLSA 200410-08 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge sync
emerge -pv ">=app-arch/ncompress-4.2.4-r1"
emerge ">=app-arch/ncompress-4.2.4-r1"
Please see the referenced advisory for further information.

RedHat has released advisory RHSA-2004:536-05 to address this issue in RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.

Avaya has made an advisory available (ASA-2005-015) dealing with this issue for various products. In all cases Avaya recommends that ncompress be removed from their affected software, as it is not required for execution. All Avaya hardware affected by this issue will have the vulnerable packages removed from future versions. For more information, please see the referenced security advisory.