zoo: Stack-based buffer overflow
Gentoo Linux Security Advisory
||GLSA 200603-05 / zoo
||March 06, 2006
||March 06, 2006: 01
All supported architectures
A stack-based buffer overflow in zoo may be exploited to execute arbitrary
code through malicious ZOO archives.
zoo is a file archiving utility for maintaining collections of
files, written by Rahul Dhesi.
Jean-Sebastien Guay-Leroux discovered a boundary error in the
fullpath() function in misc.c when processing overly long file and
directory names in ZOO archives.
An attacker could craft a malicious ZOO archive and entice someone
to open it using zoo. This would trigger a stack-based buffer overflow
and potentially allow execution of arbitrary code with the rights of
the victim user.
There is no known workaround at this time.
All zoo users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/zoo-2.10-r1"