Published: 12/03/2001 Updated: 10/10/2017

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
iomega jazip 0.32.2

With older versions of jazip a user could gain root access for members of the floppy group to the local machine The interface doesn't run as root anymore and this very exploit was prevented The program now also truncates DISPLAY to 256 characters if it is bigger, which closes the buffer overflow (within xforms) We recommend you upgrade your jazi ...

#!/usr/bin/perl ## jaZip Exploit / Tested version: jaZip-032-2 / anno 2000 ## <teleh0r@doglovercom> || teleh0rcjbnet/ ## Vulnerable: Turbolinux 60 ## ## [teleh0r@localhost teleh0r]$ rpm -q jaZip ## jaZip-032-2 ## [teleh0r@localhost teleh0r]$ /jazip-exploitpl ## Address: 0xbffff7ac ## bash# $shellcode = ...

NVD-CWE-Other http://www.securityfocus.com/bid/2209 http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html http://www.debian.org/security/2001/dsa-017 https://exchange.xforce.ibmcloud.com/vulnerabilities/5942 https://nvd.nist.gov https://www.debian.org/security/./dsa-017 https://www.exploit-db.com/exploits/257/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2001-0110

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect