Bugtraq mailing list archives

Re: jazip 0.32 local exploit

From: Peter S Galbraith <GalbraithP () DFO-MPO GC CA>
Date: Fri, 26 Jan 2001 15:05:18 -0500

n33dl3r wrote:

Hi folks!

In between of heavy gaming i dished up this tiny
exploit for jaZip!
Educational purposes only. Please dont abuuuse.


Hi mum, gimme some food damnit!


-- [snip - jazip-exp.c] --
/*
 *  jaZip-0.32 local buffer overflow exploit
(tested on debian)


Right.

Initially reported on January 14:
 http://www.securityfocus.com/archive/1/156208
 http://www.securityfocus.com/bid/2209

Reported to me on January 16, and I informed the upstream
author.

Author provided fixed version 0.33 in the evening of January 21.

Fixed jaZip-0.33 uploaded to Debian on January 22:
 http://lists.debian.org/debian-changes-0101/msg00027.html

And then announced here on January 23:
 http://www.securityfocus.com/advisories/3037

$ gcc -o jazip-exp jazip-exp.c
$ ./jazip-exp
Using address 0xbffff9e5
jazip: Can't open display \220[cut]
Missing or failed fl_initialize()

$ dpkg -s jazip | grep Version
Version: 0.33-1

Peter Galbraith
Debian maintainer for Jazip.

Current thread:

jazip 0.32 local exploit n33dl3r (Jan 26)
- Re: jazip 0.32 local exploit Peter S Galbraith (Jan 29)