MiniGZip Controls File_Compress Buffer Overflow Vulnerability
Info
| Bugtraq ID: | 22964 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1657 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 14 2007 12:00AM |
| Updated: | May 12 2015 07:33PM |
| Credit: | starcadi is credited with the discovery of this vulnerability. |
| Vulnerable: | Jean-loup Gailly minigzip 0 |
| Not Vulnerable: | |
Discussion
The 'minigzip' tool is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
A local attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial of service.
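The missing check, written out as an added example (not code from the advisory or from minigzip itself): the output name is built only after confirming that the input name plus suffix fits the fixed buffer. The names build_outfile_name, MAX_NAME_LEN and GZ_SUFFIX and the 1024-byte size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN 1024   /* assumed size of the fixed output-name buffer */
#define GZ_SUFFIX    ".gz"  /* assumed suffix appended to the input name */

/*
 * Unchecked pattern of the kind the advisory describes (shown only as a
 * comment, not compiled):
 *
 *     char outfile[MAX_NAME_LEN];
 *     strcpy(outfile, file);        // no length check on 'file'
 *     strcat(outfile, GZ_SUFFIX);
 */

/* Build "<file>.gz" in out. Returns 0 on success, -1 if the result would
 * not fit (out is left as an empty string in that case). Hypothetical helper. */
int build_outfile_name(const char *file, char *out, size_t outsz)
{
    size_t need;

    if (file == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';

    /* Name + suffix + terminating NUL must fit in the destination. */
    need = strlen(file) + strlen(GZ_SUFFIX) + 1;
    if (need > outsz)
        return -1;

    /* Length already verified, so snprintf cannot truncate here. */
    snprintf(out, outsz, "%s%s", file, GZ_SUFFIX);
    return 0;
}

int main(int argc, char *argv[])
{
    char outfile[MAX_NAME_LEN];

    if (argc < 2 || build_outfile_name(argv[1], outfile, sizeof(outfile)) != 0) {
        fprintf(stderr, "usage: %s FILE (name missing or too long)\n", argv[0]);
        return 1;
    }
    printf("would write: %s\n", outfile);
    return 0;
}
```

An over-long name is rejected before any copy takes place, so the program exits with an error instead of writing past the buffer.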
Exploit / POC
The following proof-of-concept exploit is available:
minigzip `perl -e 'print "A"x1050'`
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Minigzip Homepage (Jean-loup Gailly)