blob: 033a4b7afe7ee6508df5f05382989cf4834c7165 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200603-05">
<title>zoo: Stack-based buffer overflow</title>
A stack-based buffer overflow in zoo may be exploited to execute arbitrary
code through malicious ZOO archives.
<product type="ebuild">zoo</product>
<announced>March 06, 2006</announced>
<revised>March 06, 2006: 01</revised>
<package name="app-arch/zoo" auto="yes" arch="*">
<unaffected range="ge">2.10-r1</unaffected>
<vulnerable range="lt">2.10-r1</vulnerable>
zoo is a file archiving utility for maintaining collections of
files, written by Rahul Dhesi.
Jean-Sebastien Guay-Leroux discovered a boundary error in the
fullpath() function in misc.c when processing overly long file and
directory names in ZOO archives.
<impact type="normal">
An attacker could craft a malicious ZOO archive and entice someone
to open it using zoo. This would trigger a stack-based buffer overflow
and potentially allow execution of arbitrary code with the rights of
the victim user.
There is no known workaround at this time.
All zoo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-arch/zoo-2.10-r1&quot;</code>
<uri link="">CVE-2006-0855</uri>
<uri link="">Original Advisory</uri>
<metadata tag="requester" timestamp="Sun, 26 Feb 2006 17:26:29 +0000">
<metadata tag="bugReady" timestamp="Fri, 03 Mar 2006 17:54:01 +0000">
<metadata tag="submitter" timestamp="Sat, 04 Mar 2006 16:06:52 +0000">