CVE-2001-1413

Name of the Vulnerable Software and Affected Versions ncompress versions 4.2.4 and earlier

Description A stack-based buffer overflow issue exists in the comprexx function of ncompress. This issue may allow remote attackers to execute arbitrary code via a long filename argument, particularly in situations that cross security boundaries, such as when used in an FTP server.

Recommendations For ncompress versions 4.2.4 and earlier, consider restricting access to the comprexx function until a patch is available. As a temporary workaround, avoid using long filename arguments in situations that could be exploited by remote attackers. At the moment, there is no information about a newer version that contains a fix for this issue.