Vulnerabilities > CVE-2006-1269 - Local Buffer Overflow vulnerability in Rahul Dhesi ZOO 2.10
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Zoo 2.10 Parse.c Local Buffer Overflow Vulnerability. CVE-2006-1269 . Dos exploit for linux platform |
id | EDB-ID:27425 |
last seen | 2016-02-03 |
modified | 2006-03-16 |
published | 2006-03-16 |
reporter | Josh Bressers |
source | https://www.exploit-db.com/download/27425/ |
title | Zoo 2.10 - Parse.c Local Buffer Overflow Vulnerability |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200603-12.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200603-12 (zoo: Buffer overflow) zoo is vulnerable to a new buffer overflow due to insecure use of the strcpy() function when trying to create an archive from certain directories or filenames. Impact : An attacker could exploit this issue by enticing a user to create a zoo archive of specially crafted directories and filenames, possibly leading to the execution of arbitrary code with the rights of the user running zoo. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21085 |
published | 2006-03-16 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21085 |
title | GLSA-200603-12 : zoo: Buffer overflow |
code |
|
References
- http://secunia.com/advisories/19250
- http://secunia.com/advisories/19254
- http://www.gentoo.org/security/en/glsa/glsa-200603-12.xml
- http://www.securityfocus.com/bid/17126
- http://www.vupen.com/english/advisories/2006/0969
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25264