mailing list archives
Re: jazip 0.32 local exploit
From: Peter S Galbraith <GalbraithP () DFO-MPO GC CA>
Date: Fri, 26 Jan 2001 15:05:18 -0500
In between of heavy gaming i dished up this tiny
exploit for jaZip!
Educational purposes only. Please dont abuuuse.
Hi mum, gimme some food damnit!
-- [snip - jazip-exp.c] --
* jaZip-0.32 local buffer overflow exploit
(tested on debian)
Initially reported on January 14:
Reported to me on January 16, and I informed the upstream
Author provided fixed version 0.33 in the evening of January 21.
Fixed jaZip-0.33 uploaded to Debian on January 22:
And then announced here on January 23:
$ gcc -o jazip-exp jazip-exp.c
Using address 0xbffff9e5
jazip: Can't open display \220[cut]
Missing or failed fl_initialize()
$ dpkg -s jazip | grep Version
Debian maintainer for Jazip.