zoo misc.c Buffer Overflow Vulnerability

Vulnerability ID 1195962 Vulnerability type Buffer overflow
Published 2006-02-23 Updated 2006-12-12
CVE ID CVE-2006-0855 CNNVD-ID CNNVD-200602-353
Platform N/A CVSS score 5.1
|Vulnerability source
https://www.securityfocus.com/bid/16790
https://cxsecurity.com/issue/WLB-2006030043
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-353
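|Vulnerability details
zoo is a file compression tool for maintaining collections of files. zoo contains a buffer overflow vulnerability in its handling of file names, which an attacker may exploit to execute arbitrary instructions on the machine. The fullpath() function in misc.c accepts a pointer to a directory entry and returns the combined directory name and file name. fullpath() calls the combine() function in misc.c and assumes that the returned string will not be longer than 256 bytes, but in fact the string may be longer than 512 bytes. If the string is in fact longer than 256 bytes, it overflows a static variable in fullpath() in misc.c, and a later strcpy() operation then uses this string with a 256-byte destination buffer on the stack. An attacker can therefore easily overwrite EIP and take control of the program's flow.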
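The description above comes down to a directory/file name join whose result is copied into a 256-byte buffer without a length check. As an added example (not zoo's source and not the upstream patch), the following C code shows a join that computes the required size first and rejects oversized names; `struct entry`, `fullpath_checked` and `PATHSIZE` are hypothetical names, and the inputs in `main` are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PATHSIZE 256   /* destination size named in the description above */

/* Hypothetical stand-in for an archive directory entry: both strings come
 * from the archive and may be longer than PATHSIZE. */
struct entry {
    const char *dirname;   /* may be NULL or empty */
    const char *fname;
};

/* Join dirname and fname into out[outsz]. Returns 0 on success, -1 if the
 * combined path (separator and NUL included) does not fit; out is then the
 * empty string, so a truncated path is never used. */
int fullpath_checked(const struct entry *e, char *out, size_t outsz)
{
    size_t dlen, flen, need;
    int sep;

    if (e == NULL || e->fname == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    dlen = e->dirname ? strlen(e->dirname) : 0;
    flen = strlen(e->fname);
    sep = (dlen > 0 && e->dirname[dlen - 1] != '/');  /* add '/' if missing */
    need = dlen + (size_t)sep + flen + 1;             /* +1 for the NUL */
    if (need > outsz)            /* reject instead of copying and hoping */
        return -1;
    memcpy(out, e->dirname ? e->dirname : "", dlen);
    if (sep)
        out[dlen] = '/';
    memcpy(out + dlen + sep, e->fname, flen + 1);
    return 0;
}

int main(void)
{
    char out[PATHSIZE], longdir[301], longname[301];
    struct entry ok = { "docs", "readme.txt" }, bad = { longdir, longname };

    memset(longdir, 'A', 300);  longdir[300] = '\0';   /* constructed input */
    memset(longname, 'B', 300); longname[300] = '\0';
    printf("ok:  %d %s\n", fullpath_checked(&ok, out, sizeof out), out);
    printf("bad: %d\n", fullpath_checked(&bad, out, sizeof out));
    return 0;
}
```

The caller has to treat the -1 return as "skip this entry"; the check only helps if every buffer that later receives the path is at least `outsz` bytes.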
|Vulnerability EXP
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200603-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: zoo: Stack-based buffer overflow
      Date: March 06, 2006
      Bugs: #123782
        ID: 200603-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A stack-based buffer overflow in zoo may be exploited to execute
arbitrary code through malicious ZOO archives.

Background
==========

zoo is a file archiving utility for maintaining collections of files,
written by Rahul Dhesi.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  app-arch/zoo      < 2.10-r1                            >= 2.10-r1

Description
===========

Jean-Sebastien Guay-Leroux discovered a boundary error in the
fullpath() function in misc.c when processing overly long file and
directory names in ZOO archives.

Impact
======

An attacker could craft a malicious ZOO archive and entice someone to
open it using zoo. This would trigger a stack-based buffer overflow and
potentially allow execution of arbitrary code with the rights of the
victim user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All zoo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/zoo-2.10-r1"

References
==========

  [ 1 ] CVE-2006-0855
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0855
  [ 2 ] Original Advisory
        http://www.guay-leroux.com/projects/zoo-advisory.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200603-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

|Affected products
Zoo Zoo 2.10 SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE Linux Openexchange Server
|References

Source: GENTOO
Name: GLSA-200603-05
Link: http://www.gentoo.org/security/en/glsa/glsa-200603-05.xml
Source: VUPEN
Name: ADV-2006-1220
Link: http://www.frsirt.com/english/advisories/2006/1220
Source: DEBIAN
Name: DSA-991
Link: http://www.debian.org/security/2006/dsa-991
Source: SECTRACK
Name: 1015866
Link: http://securitytracker.com/id?1015866
Source: SECUNIA
Name: 19514
Link: http://secunia.com/advisories/19514
Source: SECUNIA
Name: 19166
Link: http://secunia.com/advisories/19166
Source: BID
Name: 16790
Link: http://www.securityfocus.com/bid/16790
Source: BUGTRAQ
Name: 20060223zoocontainsexploitablebufferoverflows
Link: http://www.securityfocus.com/archive/1/archive/1/425887/100/0/threaded
Source: SUSE
Name: SUSE-SR:2006:006
Link: http://www.novell.com/linux/security/advisories/2006_06_sr.html
Source: SUSE
Name: SUSE-SR:2006:005
Link: http://www.novell.com/linux/security/advisories/2006_05_sr.html
Source: MISC
Link: http://www.guay-leroux.com/projects/zoo-advisory.txt
Source: MISC
Link: http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt
Source: VUPEN
Name: ADV-2006-0705
Link: http://www.frsirt.com/english/a