CVE-2006-1269 - Local Buffer Overflow vulnerability in Rahul Dhesi ZOO 2.10

CVSS 6.2 - MEDIUM
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, high complexity, rahul-dhesi, nessus, exploit available

Summary

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although it is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.
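
An added example, not taken from zoo's parse.c or from any party named on this page: the overflow class described above (a filename argument copied with strcpy() into a fixed-size buffer, per the Gentoo advisory text quoted further down) next to a length-checked copy that rejects over-long names. The buffer size PATH_BUF and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 256  /* assumed buffer size for illustration, not zoo's */

/* Unsafe pattern: no bound on a caller-supplied filename. Any argument of
 * PATH_BUF bytes or more writes past the end of dst. Shown for contrast;
 * never called here. */
void copy_name_unsafe(char *dst, const char *arg) {
    strcpy(dst, arg);
}

/* Checked copy: returns 0 on success, -1 if arg (plus its NUL) does not
 * fit in dstsz bytes. Rejects instead of truncating, so an archive never
 * records a silently shortened name. */
int copy_name_checked(char *dst, size_t dstsz, const char *arg) {
    const char *end;
    if (dst == NULL || arg == NULL || dstsz == 0)
        return -1;
    end = memchr(arg, '\0', dstsz);   /* look for the NUL within dstsz bytes */
    if (end == NULL) {                /* no NUL found: name is too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, arg, (size_t)(end - arg) + 1);
    return 0;
}

/* Build a constructed name of len 'A' bytes and pass it through the
 * checked copy. Returns 0 if accepted, -1 if rejected. */
int try_name_of_length(size_t len) {
    static char name[1024];
    char dst[PATH_BUF];
    if (len >= sizeof name)
        return -1;
    memset(name, 'A', len);
    name[len] = '\0';
    return copy_name_checked(dst, sizeof dst, name);
}

int main(void) {
    size_t lens[] = { 8, 255, 256, 300 };   /* constructed sample lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len %3zu -> %s\n", lens[i],
               try_name_of_length(lens[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The boundary is the point: a 255-byte name fits with its terminator, a 256-byte name does not and is refused before any copy happens.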

Vulnerable Configurations

Part        | Description | Count
Application | Rahul_Dhesi | 1

Exploit-Db

description: Zoo 2.10 Parse.c Local Buffer Overflow Vulnerability. CVE-2006-1269. DoS exploit for Linux platform
id: EDB-ID:27425
last seen: 2016-02-03
modified: 2006-03-16
published: 2006-03-16
reporter: Josh Bressers
source: https://www.exploit-db.com/download/27425/
title: Zoo 2.10 - Parse.c Local Buffer Overflow Vulnerability

Nessus

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200603-12.NASL
description: The remote host is affected by the vulnerability described in GLSA-200603-12 (zoo: Buffer overflow). zoo is vulnerable to a new buffer overflow due to insecure use of the strcpy() function when trying to create an archive from certain directories or filenames. Impact: An attacker could exploit this issue by enticing a user to create a zoo archive of specially crafted directories and filenames, possibly leading to the execution of arbitrary code with the rights of the user running zoo. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21085
published: 2006-03-16
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/21085
title: GLSA-200603-12 : zoo: Buffer overflow
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200603-12.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(21085);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2006-1269");
  script_xref(name:"GLSA", value:"200603-12");

  script_name(english:"GLSA-200603-12 : zoo: Buffer overflow");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200603-12
(zoo: Buffer overflow)

    zoo is vulnerable to a new buffer overflow due to insecure use of
    the strcpy() function when trying to create an archive from certain
    directories or filenames.
  
Impact :

    An attacker could exploit this issue by enticing a user to create
    a zoo archive of specially crafted directories and filenames, possibly
    leading to the execution of arbitrary code with the rights of the user
    running zoo.
  
Workaround :

    There is no known workaround at this time."
  );
  # https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=183426"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200603-12"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All zoo users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-arch/zoo-2.10-r2'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:zoo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/03/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-arch/zoo", unaffected:make_list("ge 2.10-r2"), vulnerable:make_list("lt 2.10-r2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zoo");
}