Bugtraq mailing list archives
buffer overflow in unace (linux extractor for .ace files)
From: "Andreas Constantinides (MegaHz)" <megahz () megahz org>
Date: 09 Nov 2003 21:30:42 +0200
Hello, I have discover a realy simple buffer overflow in unace(www.winace.com) command. normally if you put a wrong filename: [root@megahz root]# ./unace e aa.ace UNACE v2.2 Copyright by ACE Compression Software May 9 2002 10:59:42 Error: No such archive found: /root/aa.ace [root@megahz root]# ==================================================================================== the buffer overflow [root@megahz root]# ./unace e aaaaaa(a*600).ace UNACE v2.2 Copyright by ACE Compression Software May 9 2002 10:59:42 Segmentation fault [root@megahz root]# ==================================================================================== winace was contacted about this. MegaHz www.megahz.org www.cyhackportal.com
Current thread:
- buffer overflow in unace (linux extractor for .ace files) Andreas Constantinides (MegaHz) (Nov 10)