CVE-2006-1269

Name of the Vulnerable Software and Affected Versions zoo version 2.10

Description A buffer overflow issue exists in the parse function, potentially allowing local users to execute arbitrary code via long filename command line arguments during archive creation. The impact is limited due to the local nature of the issue and the lack of setuid, but there may be scenarios where the zoo user automatically lists attacker-controlled filenames, increasing the risk.

Recommendations For zoo version 2.10, consider restricting the length of filename command line arguments to prevent buffer overflow exploitation until a patch is available. As a temporary workaround, avoid using long filenames when creating archives with zoo.