| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Apr 2010 22:11:50 +1000 From: Steven Seeley <seeleymagic@...mail.com> To: <full-disclosure@...ts.grok.org.uk>, <secalert@...urityreason.com>, <vuln@...unia.com> Cc: corelan.team@...elan.be Subject: [SECURITY] - Jzip (.zip) Unicode bof Vulnerability |------------------------------------------------------------------| | __ __ | | _________ ________ / /___ _____ / /____ ____ _____ ___ | | / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ | | / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / | | \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ | | | | http://www.corelan.be:8800 | | security@...elan.be | | | |-------------------------------------------------[ EIP Hunters ]--| Advisory : CORELAN-10-021 Disclosure date : 6th Apr 2010 0x00 : Vulnerability information ——————————– [*] Product : Jzip [*] Version : 1.3 [*] Vendor : http://www.jzip.com/ [*] URL : http://download.jzip.com/jZipV1.exe [*] Type of vulnerability : Local Stack Overflow [*] Risk rating : Low [*] Issue fixed in version : none [*] Vulnerability discovered by : mr_me [*] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/index.php/security/corelan-team-members/) 0x01 : Vendor description of software ————————————- >>From the vendor website: - Create, open and extract Zip, TAR, GZip and 7-Zip. Open and extract from RAR and ISO. - jZip is absolutely FREE for everybody, home and enterprise users - jZip is an easy to use and fast archiving software - jZip is based on proven 7-Zip technology by Igor Pavlov 0x02 : Vulnerability details —————————- Local Stack Overflow: When the application receives a malicious .zip file it can cause a buffer overflow in the 'filename' buffer of the application, resulting in a denial of service. Code execution may still be possible. 0x03 : Vendor communication ————————— [*] 27th Mar, 2010 : Vendor contacted [*] 3rd Apr, 2010 : Vendor reminded of vulnerability [*] 6th Apr, 2010 : No contact [*] 6th Apr, 2010 : Public Disclosure 0x04 : Exploit/PoC —————— http://net-ninja.net/blog/media/blogs/b/exploits/jzip.php.txt _________________________________________________________________ New, Used, Demo, Dealer or Private? Find it at CarPoint.com.au http://clk.atdmt.com/NMN/go/206222968/direct/01/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists