Wednesday 12 January 2011

Zip Buffer Overflow

Okay, no need to panic, I am not a hacker, let alone a blackhat hacker. I stumbled on this by accident and honestly I am a little perplexed, as I thought this was surprising.

Below you will find the results of my interesting play:

"[doctor@localhost ~]$ zip --password
*** buffer overflow detected ***: zip terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0xc0102d]
/lib/libc.so.6[0xbff06a]
/lib/libc.so.6[0xbfe798]
/lib/libc.so.6(_IO_default_xsputn+0x13c)[0xb770ec]
/lib/libc.so.6(_IO_vfprintf+0x3fed)[0xb4cf7d]
/lib/libc.so.6(__vsprintf_chk+0xa7)[0xbfe847]
/lib/libc.so.6(__sprintf_chk+0x2d)[0xbfe78d]
zip[0x8060853]
zip[0x80616ec]
zip[0x804ba6e]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb20cc6]
zip[0x8049631]
======= Memory map: ========
00440000-00441000 r-xp 00000000 00:00 0 [vdso]
009fc000-00a19000 r-xp 00000000 fd:00 71151 /lib/libgcc_s-4.4.5-20101113.so.1
00a19000-00a1a000 rw-p 0001d000 fd:00 71151 /lib/libgcc_s-4.4.5-20101113.so.1
00ae8000-00b06000 r-xp 00000000 fd:00 8320 /lib/ld-2.12.2.so
00b06000-00b07000 r--p 0001d000 fd:00 8320 /lib/ld-2.12.2.so
00b07000-00b08000 rw-p 0001e000 fd:00 8320 /lib/ld-2.12.2.so
00b0a000-00c8e000 r-xp 00000000 fd:00 8456 /lib/libc-2.12.2.so
00c8e000-00c8f000 ---p 00184000 fd:00 8456 /lib/libc-2.12.2.so
00c8f000-00c91000 r--p 00184000 fd:00 8456 /lib/libc-2.12.2.so
00c91000-00c92000 rw-p 00186000 fd:00 8456 /lib/libc-2.12.2.so
00c92000-00c95000 rw-p 00000000 00:00 0
08047000-08078000 r-xp 00000000 fd:00 21981 /usr/bin/zip
08078000-08079000 rw-p 00031000 fd:00 21981 /usr/bin/zip
08079000-080c8000 rw-p 00000000 00:00 0
08451000-08472000 rw-p 00000000 00:00 0 [heap]
b7537000-b7737000 r--p 00000000 fd:00 70657 /usr/lib/locale/locale-archive
b7737000-b7738000 rw-p 00000000 00:00 0
b7749000-b774a000 rw-p 00000000 00:00 0
bf8a9000-bf8ca000 rw-p 00000000 00:00 0 [stack]
"

Yes, you guessed it. This is off a Linux terminal and, again, no need to panic, as I believe zip just does not like being played with. I know that, unlike some other operating systems out there, this one is for the nerds, but all I did was enter "zip --password", which I thought was innocent enough.
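What the backtrace above is actually reporting, as an added example that is not from the post or from zip's source: the __sprintf_chk and __fortify_fail frames are glibc's FORTIFY_SOURCE check firing on a sprintf() into a fixed-size buffer. The program below is a constructed stand-in (the "bad option: %s" format string and the 32-byte buffer are assumptions, not zip's code) that shows the unsafe call FORTIFY catches next to the bounded snprintf() form that reports truncation instead of overwriting the stack.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-size message buffer on the stack, the kind of
 * destination the quoted backtrace shows __sprintf_chk() writing into. */
#define MSG_SIZE 32

/* Unsafe form. sprintf() is never told how big buf is. When this file is built
 * with glibc's FORTIFY (-D_FORTIFY_SOURCE=2 together with -O2), sizeof(buf) is
 * known at this call site, so the compiler replaces sprintf() with
 * __sprintf_chk(buf, flag, sizeof(buf), fmt, ...). If the formatted text does
 * not fit, __sprintf_chk() calls __fortify_fail(), which prints
 * "*** buffer overflow detected ***" and aborts: the same two frames that
 * appear in the backtrace above. Without FORTIFY the same call silently
 * overwrites whatever sits after buf on the stack. Not called by the tests. */
void report_unsafe(const char *arg) {
    char buf[MSG_SIZE];
    sprintf(buf, "bad option: %s", arg);
    puts(buf);
}

/* Hardened form. snprintf() receives the buffer size, never writes past it,
 * and returns the length the full message would have had, so the caller can
 * detect truncation instead of corrupting memory.
 * Returns 0 when the message fit, -1 when it was truncated; buf is
 * NUL-terminated in both cases. */
int format_safe(char *buf, size_t bufsize, const char *arg) {
    int n = snprintf(buf, bufsize, "bad option: %s", arg);
    if (n < 0 || (size_t)n >= bufsize)
        return -1;
    return 0;
}

int main(int argc, char **argv) {
    char buf[MSG_SIZE];
    const char *arg = argc > 1 ? argv[1] : "--password";

    if (format_safe(buf, sizeof buf, arg) == 0)
        printf("safe:   %s\n", buf);
    else
        printf("safe:   truncated to \"%s\"\n", buf);

    /* Run with an argument longer than about 19 characters and a
     * FORTIFY-built binary aborts here; a non-FORTIFY build corrupts the stack. */
    report_unsafe(arg);
    return 0;
}
```

Build with `gcc -O2 -D_FORTIFY_SOURCE=2 example.c` to see the check fire; the optimisation level matters because FORTIFY relies on the compiler knowing the buffer size at the call site.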

Oh well, I guess this is out now. As a result, if you do have zip on your Linux box you might want to poke it a few times if you have not done so already. Just so you can rest easy, you can disable the service so that this vulnerability cannot be exploited.

Fedora 13 - 2.6.34.7-66.fc13.i686

My contribution to the world.