Home page logo

bugtraq logo Bugtraq mailing list archives

Re: jazip 0.32 local exploit
From: Peter S Galbraith <GalbraithP () DFO-MPO GC CA>
Date: Fri, 26 Jan 2001 15:05:18 -0500

n33dl3r wrote:

Hi folks!

In between of heavy gaming i dished up this tiny
exploit for jaZip!
Educational purposes only. Please dont abuuuse.

Hi mum, gimme some food damnit!

-- [snip - jazip-exp.c] --
 *  jaZip-0.32 local buffer overflow exploit
(tested on debian)


Initially reported on January 14:

Reported to me on January 16, and I informed the upstream

Author provided fixed version 0.33 in the evening of January 21.

Fixed jaZip-0.33 uploaded to Debian on January 22:

And then announced here on January 23:

$ gcc -o jazip-exp jazip-exp.c
$ ./jazip-exp
Using address 0xbffff9e5
jazip: Can't open display \220[cut]
Missing or failed fl_initialize()

$ dpkg -s jazip | grep Version
Version: 0.33-1

Peter Galbraith
Debian maintainer for Jazip.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]