>Of course it shouldn't be really dangerous, but I also found
>Attached example of 'evil' archive (Altered.gz) has been created by
>compressing empty file with gzip's -n switch. After all, byte at offset
>0x0a (one of possibilities :) has been changed.
>Under Linux, attempt at unzipping or viewing this file will cause
>nice segmentation fault. Under NT, it just throws an exception.

Probably is exploitable if you dinked with it enough. Instruction well in the executable's range references memory at 0x1.

>MS-DOS gzip screws-up totally.

Considering that MS-DOS is relatively screwed up to begin with, and has few to no redeeming qualities, I don't find this surprising.

Sigh - millions of buffer overruns everywhere, and not enough time to exploit them all.

David LeBlanc
dleblancat_private

|Why would you want to have your desktop user,
|your mere mortals, messing around with a 32-bit
|minicomputer-class computing environment?
|Scott McNealy
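The failure the thread describes is a decompressor trusting a member whose header or deflate stream has been corrupted. The following is an added example, not code from the post or from gzip itself: a strict RFC 1952 member validator that checks the header fields, then decompresses with an output cap and verifies the CRC32/ISIZE trailer, so a corrupt byte produces a rejection message rather than a fault. The 20-byte sample is constructed by hand from the gzip spec as what `gzip -n` writes for an empty input; the post does not say which value the byte at offset 0x0a was changed to, so the values used below are assumptions chosen to hit the two obvious deflate failure modes (a reserved block type, and a stored block with an inconsistent length pair).

```python
import struct
import zlib

# Constructed sample (from RFC 1952, not taken from the post's Altered.gz):
# 10-byte header (magic, CM=8, FLG=0, MTIME=0 because of -n, XFL=0, OS=3),
# the 2-byte fixed-Huffman deflate stream for empty input, CRC32=0, ISIZE=0.
EMPTY_GZ = bytes.fromhex("1f8b0800000000000003" "0300" "00000000" "00000000")

GZIP_MAGIC = b"\x1f\x8b"
FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 1, 2, 4, 8, 16


class GzipFormatError(ValueError):
    """Raised for any structural problem; callers never see a crash."""


def parse_header(data):
    """Validate a gzip member header; return (field dict, offset of deflate data)."""
    if len(data) < 10:
        raise GzipFormatError("truncated header")
    if data[:2] != GZIP_MAGIC:
        raise GzipFormatError("bad magic")
    method, flags, mtime, xfl, os_id = struct.unpack("<BBIBB", data[2:10])
    if method != 8:
        raise GzipFormatError(f"unsupported compression method {method}")
    if flags & 0xE0:
        raise GzipFormatError("reserved flag bits set")
    pos = 10
    if flags & FEXTRA:
        if len(data) < pos + 2:
            raise GzipFormatError("truncated FEXTRA length")
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if len(data) < pos + xlen:
            raise GzipFormatError("FEXTRA field runs past end of data")
        pos += xlen
    # FNAME and FCOMMENT are zero-terminated strings; a missing terminator
    # is exactly the kind of thing an unchecked strcpy would run off the end of.
    for bit in (FNAME, FCOMMENT):
        if flags & bit:
            end = data.find(b"\x00", pos)
            if end < 0:
                raise GzipFormatError("unterminated header string")
            pos = end + 1
    if flags & FHCRC:
        if len(data) < pos + 2:
            raise GzipFormatError("truncated FHCRC")
        stored = struct.unpack_from("<H", data, pos)[0]
        if stored != (zlib.crc32(data[:pos]) & 0xFFFF):
            raise GzipFormatError("header CRC mismatch")
        pos += 2
    return {"mtime": mtime, "xfl": xfl, "os": os_id, "flags": flags}, pos


def safe_decompress(data, max_out=1 << 20):
    """Decompress one member with an output cap and full trailer verification."""
    _, pos = parse_header(data)
    d = zlib.decompressobj(wbits=-15)  # raw deflate; we handled the wrapper ourselves
    try:
        out = d.decompress(data[pos:], max_out + 1)
    except zlib.error as exc:
        raise GzipFormatError(f"corrupt deflate stream: {exc}") from exc
    if len(out) > max_out:
        raise GzipFormatError("decompressed output exceeds limit")
    if not d.eof:
        raise GzipFormatError("deflate stream did not terminate")
    trailer = d.unused_data
    if len(trailer) < 8:
        raise GzipFormatError("truncated trailer")
    crc, isize = struct.unpack("<II", trailer[:8])
    if crc != (zlib.crc32(out) & 0xFFFFFFFF):
        raise GzipFormatError("CRC32 mismatch")
    if isize != (len(out) & 0xFFFFFFFF):
        raise GzipFormatError("ISIZE mismatch")
    return out


def check_member(data):
    """Return 'ok' or 'rejected: <reason>'; never raises, never crashes."""
    try:
        safe_decompress(data)
        return "ok"
    except GzipFormatError as exc:
        return f"rejected: {exc}"


def mutate(data, offset, value):
    """Return a copy of data with one byte replaced (constructed test input)."""
    buf = bytearray(data)
    buf[offset] = value
    return bytes(buf)


if __name__ == "__main__":
    print(check_member(EMPTY_GZ))                      # ok
    print(check_member(mutate(EMPTY_GZ, 0x0A, 0x07)))  # reserved BTYPE=11
    print(check_member(mutate(EMPTY_GZ, 0x0A, 0x00)))  # stored block, LEN != ~NLEN
    print(check_member(mutate(EMPTY_GZ, 0x03, 0xE0)))  # reserved header flag bits
```

Offset 0x0a is the first byte after the fixed header when no filename is stored (the -n case), so it is the first byte of the deflate stream; the validator lets zlib report the inconsistency and converts it into a rejection. The output cap matters for the opposite failure mode, where a header is fine but the stream expands without bound.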
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:37:29 PDT