Skip to content
Branch: master
Find file History
Pull request Compare This branch is 1 commit ahead, 3 commits behind mudongliang:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md
alzgen.pl

README.md

CVE-2005-3862

Experiment Environment

CentOS 6.4

Ubuntu 14.04

INSTALL & Configuration

wget https://github.com/mudongliang/source-packages/raw/master/CVE-2005-3862/unalz-0.52.tgz 

tar -xvf unalz-0.52.tgz
cd unalz

make linux-utf8

Problems in Installation & Configuration

add the following header files in UnAlz.h

#include <stdlib.h>
#include <string.h>

How to trigger vulnerability

perl alzgen.pl 25600 test
./unalz/unalz test

PoCs

Unalz 0.x - Archive Filename Buffer Overflow

securityfocus

Vulnerability Details & Patch

Root Cause

UnAlz.cpp:427

        strncpy(inbuf, zipHeader.fileName, size);

Stack Trace

(gdb) info stack
#0  UNALZ::CUnAlz::ReadLocalFileheader (this=0x55555555) at UnAlz.cpp:428
#1  0x55555555 in ?? ()
#2  0x55555555 in ?? ()
#3  0x55555555 in ?? ()

References

You can’t perform that action at this time.