n33dl3r wrote:
> Hi folks!
>
> In between of heavy gaming i dished up this tiny
> exploit for jaZip!
> Educational purposes only. Please dont abuuuse.
>
>
> Hi mum, gimme some food damnit!
>
>
> -- [snip - jazip-exp.c] --
> /*
> * jaZip-0.32 local buffer overflow exploit
> (tested on debian)
Right.
Initially reported on January 14:
http://www.securityfocus.com/archive/1/156208
http://www.securityfocus.com/bid/2209
Reported to me on January 16, and I informed the upstream
author.
Author provided fixed version 0.33 in the evening of January 21.
Fixed jaZip-0.33 uploaded to Debian on January 22:
http://lists.debian.org/debian-changes-0101/msg00027.html
And then announced here on January 23:
http://www.securityfocus.com/advisories/3037
$ gcc -o jazip-exp jazip-exp.c
$ ./jazip-exp
Using address 0xbffff9e5
jazip: Can't open display \220[cut]
Missing or failed fl_initialize()
$ dpkg -s jazip | grep Version
Version: 0.33-1
Peter Galbraith
Debian maintainer for Jazip.