Bugtraq mailing list archives
Re: jazip 0.32 local exploit
From: Peter S Galbraith <GalbraithP () DFO-MPO GC CA>
Date: Fri, 26 Jan 2001 15:05:18 -0500
n33dl3r wrote:
Hi folks! In between of heavy gaming i dished up this tiny exploit for jaZip! Educational purposes only. Please dont abuuuse. Hi mum, gimme some food damnit! -- [snip - jazip-exp.c] -- /* * jaZip-0.32 local buffer overflow exploit (tested on debian)
Right. Initially reported on January 14: http://www.securityfocus.com/archive/1/156208 http://www.securityfocus.com/bid/2209 Reported to me on January 16, and I informed the upstream author. Author provided fixed version 0.33 in the evening of January 21. Fixed jaZip-0.33 uploaded to Debian on January 22: http://lists.debian.org/debian-changes-0101/msg00027.html And then announced here on January 23: http://www.securityfocus.com/advisories/3037 $ gcc -o jazip-exp jazip-exp.c $ ./jazip-exp Using address 0xbffff9e5 jazip: Can't open display \220[cut] Missing or failed fl_initialize() $ dpkg -s jazip | grep Version Version: 0.33-1 Peter Galbraith Debian maintainer for Jazip.
Current thread:
- jazip 0.32 local exploit n33dl3r (Jan 26)
- Re: jazip 0.32 local exploit Peter S Galbraith (Jan 29)