Vulners
Lucene search
FCrackZip 1.0 Buffer Overflow
`# Exploit Title: FCrackZip Local Buffer Overflow PoC
# Date: September 5th, 2010
# Author: 0x6264
# Software Link: http://oldhome.schmorp.de/marc/data/fcrackzip-1.0.tar.gz
# Version: 1.0
# Tested on: Ubuntu 10.04
# CVE : None
Software Description:
fcrackzip is a zip password cracker, similar to fzc, zipcrack and others.
Vulnerability:
FCrackZip does not check the length of the input provided to it when using the '-p' flag to supply an initial password or file used for a dictionary attack. Passing it a string exceding its buffer size (40) results in an overwrite.
Vulnerable Code:
----------------------------
case 'p':
strcpy (pw, optarg);
break;
----------------------------
Proof of Concept:
$ ./fcrackzip -p $(python -c 'print "A"*44') file.zip
Due to being compiled using canaries the overflow is detected and the process is terminated before the overwrite can take place.
Solution:
Replace the function 'strcpy (pw, optarg);' with 'strncpy (pw, optarg, 40);' Unlike strcpy(), strncpy() will copy no more than the specified string size(40 in our case).
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Sep 2010 00:00Current
0.9Low risk
Vulners AI Score0.9