TITLE:
Zoo "parse()" File Name Handling Buffer Overflow

SECUNIA ADVISORY ID:
SA19250

VERIFY ADVISORY:
http://secunia.com/advisories/19250/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
zoo 2.x
http://secunia.com/product/8297/

DESCRIPTION:
Josh Bressers has reported a vulnerability in zoo, which potentially
can be exploited by malicious, local users to gain escalated
privileges.

The vulnerability is caused due to a boundary error within the
"parse()" function in parse.c when creating an archive from a file
with an overly long pathname. This can be exploited to cause a
stack-based buffer overflow and may allow arbitrary code execution.

Successful exploitation requires that the user is e.g. tricked into
adding a file that is located in directories with overly long names
into an archive.

The vulnerability has been reported in version 2.10. Other versions
may also be affected.

SOLUTION:
Do not add files located in non-trusted directories into an archive.

PROVIDED AND/OR DISCOVERED BY:
Josh Bressers

ORIGINAL ADVISORY:
Red Hat Bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426
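
ADDED EXAMPLE:
The class of fix for the boundary error described above, as an added example that is not zoo's code and not part of the original advisory: a pathname is split into fixed-size directory and file name buffers only after each component's length has been checked. The names split_path, split_generated and path_parts and both buffer sizes are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed buffer sizes; the advisory does not state zoo's real limits. */
#define PART_DIR_MAX  256
#define PART_NAME_MAX 64

struct path_parts { char dir[PART_DIR_MAX]; char name[PART_NAME_MAX]; };

enum { SPLIT_OK = 0, SPLIT_BAD_ARG = -1, SPLIT_DIR_TOO_LONG = -2,
       SPLIT_NAME_TOO_LONG = -3, SPLIT_EMPTY_NAME = -4 };

/* Hypothetical helper: split a pathname into directory and file name,
 * rejecting any component that does not fit instead of copying it blindly.
 * On error both output strings are left empty. */
int split_path(const char *path, struct path_parts *out)
{
    if (path == NULL || out == NULL) return SPLIT_BAD_ARG;
    out->dir[0] = out->name[0] = '\0';
    const char *slash = strrchr(path, '/');
    const char *name = slash ? slash + 1 : path;
    /* Keep the leading "/" when the file sits directly in the root. */
    size_t dir_len = !slash ? 0 : (slash == path ? 1 : (size_t)(slash - path));
    size_t name_len = strlen(name);
    if (name_len == 0) return SPLIT_EMPTY_NAME;
    /* ">=" leaves room for the terminating NUL in each buffer. */
    if (dir_len >= sizeof out->dir) return SPLIT_DIR_TOO_LONG;
    if (name_len >= sizeof out->name) return SPLIT_NAME_TOO_LONG;

    memcpy(out->dir, path, dir_len);
    out->dir[dir_len] = '\0';
    memcpy(out->name, name, name_len + 1);
    return SPLIT_OK;
}

/* Constructed input: dir_len 'd' bytes, "/", then name_len 'n' bytes. */
int split_generated(size_t dir_len, size_t name_len)
{
    struct path_parts parts;
    char *path = malloc(dir_len + name_len + 2);
    if (path == NULL) return SPLIT_BAD_ARG;
    memset(path, 'd', dir_len);
    path[dir_len] = '/';
    memset(path + dir_len + 1, 'n', name_len);
    path[dir_len + name_len + 1] = '\0';
    int rc = split_path(path, &parts);
    free(path);
    return rc;
}
```

A caller that receives anything other than SPLIT_OK skips the file and reports it rather than adding it to the archive.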