Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: buffer overflow in unace (linux extractor for .ace files)

buffer overflow in unace (linux extractor for .ace files)

From: Andreas Constantinides (MegaHz) <megahz_at_megahz.org>
Date: 09 Nov 2003 21:30:42 +0200

Hello,

I have discover a realy simple buffer overflow in unace(www.winace.com)
command.

normally if you put a wrong filename:
[root_at_megahz root]# ./unace e aa.ace
 
UNACE v2.2 Copyright by ACE Compression Software May 9 2002
10:59:42
                                                                           
Error: No such archive found:
 /root/aa.ace
[root_at_megahz root]#
====================================================================================

the buffer overflow

[root_at_megahz root]# ./unace e aaaaaa(a*600).ace
 
UNACE v2.2 Copyright by ACE Compression Software May 9 2002
10:59:42
                                                                          Segmentation fault
[root_at_megahz root]#

====================================================================================

winace was contacted about this.

MegaHz
www.megahz.org
www.cyhackportal.com
Received on Nov 10 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]