[18851] in bugtraq
Re: jazip 0.32 local exploit
daemon@ATHENA.MIT.EDU (Peter S Galbraith)
Mon Jan 29 04:06:51 2001
Message-Id: <200101262005.PAA05078@mixing.qc.dfo.ca>
Date: Fri, 26 Jan 2001 15:05:18 -0500
Reply-To: Peter S Galbraith <GalbraithP@DFO-MPO.GC.CA>
From: Peter S Galbraith <GalbraithP@DFO-MPO.GC.CA>
X-To: n33dl3r@HOTMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: (Your message of Fri, 26 Jan 2001 01:05:42 GMT.) <20010126010542.14341.qmail@securityfocus.com>
n33dl3r wrote:
> Hi folks!
>
> In between heavy gaming I dished up this tiny
> exploit for jaZip!
> Educational purposes only. Please don't abuuuse.
>
>
> Hi mum, gimme some food damnit!
>
>
> -- [snip - jazip-exp.c] --
> /*
> * jaZip-0.32 local buffer overflow exploit (tested on debian)
Right.
Initially reported on January 14:
http://www.securityfocus.com/archive/1/156208
http://www.securityfocus.com/bid/2209
Reported to me on January 16, and I informed the upstream author.
Author provided fixed version 0.33 in the evening of January 21.
Fixed jaZip-0.33 uploaded to Debian on January 22:
http://lists.debian.org/debian-changes-0101/msg00027.html
And then announced here on January 23:
http://www.securityfocus.com/advisories/3037
$ gcc -o jazip-exp jazip-exp.c
$ ./jazip-exp
Using address 0xbffff9e5
jazip: Can't open display \220[cut]
Missing or failed fl_initialize()
$ dpkg -s jazip | grep Version
Version: 0.33-1
Peter Galbraith
Debian maintainer for Jazip.