[5858] in bugtraq
Re: Gzip & segmentation faults
daemon@ATHENA.MIT.EDU (David LeBlanc)
Thu Dec 25 17:20:18 1997
Date: Thu, 25 Dec 1997 12:31:54 -0500
Reply-To: David LeBlanc <dleblanc@MINDSPRING.COM>
From: David LeBlanc <dleblanc@MINDSPRING.COM>
X-To: Michał Zalewski <lcamtuf@POLBOX.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <01bd1140$4770dd00$LocalHost@LCAMTUF>
>Of course it shouldn't be really dangerous, but I also found
>Attached example of an 'evil' archive (Altered.gz) has been created by
>compressing an empty file with gzip's -n switch. After that, the byte at
>offset 0x0a (one of the possibilities :) has been changed.
>Under Linux, an attempt at unzipping or viewing this file will cause a
>nice segmentation fault.
Under NT, it just throws an exception. It's probably exploitable if you
dinked with it enough. An instruction well within the executable's range
references memory at 0x1.
>MS-DOS gzip screws-up totally.
Considering that MS-DOS is relatively screwed up to begin with, and has few
to no redeeming qualities, I don't find this surprising.
Sigh - millions of buffer overruns everywhere, and not enough time to
exploit them all.
David LeBlanc           | Why would you want to have your desktop user,
dleblanc@mindspring.com | your mere mortals, messing around with a 32-bit
                        | minicomputer-class computing environment?
                        | Scott McNealy
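The thread above describes a gzip member whose byte at offset 0x0a was altered; with -n (no stored file name) that offset is the first byte of the deflate stream, i.e. the block header bits themselves, so the change lands in the decoder's parsing path rather than in the gzip container. The script below is an added example and is not code from the post or from gzip: it parses the RFC 1952 member header with bounds checks, reports where the deflate stream starts (with and without FNAME, since the quoted text notes that 0x0a is only one of several possible positions), decodes the BFINAL/BTYPE bits of the first block, and then inflates the data through Python's zlib, which rejects a malformed stream with an error instead of faulting. The 20-byte sample bytes and the FNAME variant are constructed here to match the layout that `gzip -n` writes for an empty input; they are not the Altered.gz attachment.

```python
import struct
import zlib

# Constructed sample (not the post's attachment): the 20-byte gzip member that
# `gzip -n` writes for an empty input file. Fixed 10-byte header (FLG=0, so no
# name/comment/extra fields), deflate stream 03 00 at offset 0x0a (one final
# fixed-Huffman block holding only end-of-block), then CRC32 and ISIZE, both 0.
EMPTY_GZ = bytes.fromhex("1f8b0800000000000003" "0300" "00000000" "00000000")

# Constructed variant with FNAME set (as gzip writes it without -n): the
# NUL-terminated name "a" sits between the fixed header and the deflate stream,
# so the first deflate byte moves to offset 0x0c.
NAMED_GZ = bytes.fromhex("1f8b0808000000000003" "6100" "0300" "00000000" "00000000")

GZIP_MAGIC = b"\x1f\x8b"
FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 0x01, 0x02, 0x04, 0x08, 0x10
DEFLATE_BLOCK_TYPES = {0: "stored", 1: "fixed Huffman",
                       2: "dynamic Huffman", 3: "reserved (invalid)"}


def parse_gzip_header(data: bytes) -> dict:
    """Parse one gzip member header (RFC 1952), bounds-checking every optional
    field, and return its fields plus the offset where the deflate stream
    starts. Structural problems raise ValueError rather than being trusted."""
    if len(data) < 10:
        raise ValueError("truncated: fixed header needs 10 bytes")
    if data[:2] != GZIP_MAGIC:
        raise ValueError("bad magic")
    cm, flg = data[2], data[3]
    if cm != 8:
        raise ValueError(f"unsupported compression method {cm}")
    if flg & 0xE0:
        raise ValueError("reserved FLG bits set")
    mtime, xfl, os_id = struct.unpack_from("<IBB", data, 4)
    pos = 10
    extra = name = comment = None
    if flg & FEXTRA:
        if pos + 2 > len(data):
            raise ValueError("truncated FEXTRA length")
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if pos + xlen > len(data):
            raise ValueError("truncated FEXTRA payload")
        extra = data[pos:pos + xlen]
        pos += xlen
    for flag in (FNAME, FCOMMENT):          # both are NUL-terminated strings
        if flg & flag:
            end = data.find(b"\x00", pos)
            if end < 0:
                raise ValueError("unterminated FNAME/FCOMMENT string")
            if flag == FNAME:
                name = data[pos:end]
            else:
                comment = data[pos:end]
            pos = end + 1
    if flg & FHCRC:
        if pos + 2 > len(data):
            raise ValueError("truncated FHCRC")
        pos += 2
    return {"mtime": mtime, "xfl": xfl, "os": os_id, "flags": flg,
            "extra": extra, "name": name, "comment": comment,
            "deflate_offset": pos}


def first_deflate_block(data: bytes, offset: int) -> dict:
    """Decode BFINAL and BTYPE from the low three bits of the first deflate
    byte at `offset` (RFC 1951 section 3.2.3). BTYPE 3 is reserved/invalid."""
    if offset >= len(data):
        raise ValueError("no deflate data after header")
    b = data[offset]
    btype = (b >> 1) & 0x3
    return {"bfinal": b & 1, "btype": btype, "kind": DEFLATE_BLOCK_TYPES[btype]}


def safe_decompress(data: bytes) -> tuple:
    """Inflate one gzip member with zlib and classify the outcome:
    ("ok", payload) when the stream ends cleanly and the CRC32/ISIZE trailer
    verifies, ("truncated", partial) when the input ran out, and
    ("corrupt", message) when zlib rejects the stream. Never crashes on bad input."""
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # 16+ selects the gzip wrapper
    try:
        out = d.decompress(data)
    except zlib.error as e:
        return ("corrupt", str(e))
    if not d.eof:
        return ("truncated", out)
    return ("ok", out)


def with_byte(data: bytes, offset: int, value: int) -> bytes:
    """Return a copy of `data` with a single byte replaced."""
    return data[:offset] + bytes([value]) + data[offset + 1:]


if __name__ == "__main__":
    for label, blob in (("gzip -n", EMPTY_GZ), ("with FNAME", NAMED_GZ)):
        hdr = parse_gzip_header(blob)
        print(label, "deflate stream at offset", hex(hdr["deflate_offset"]),
              first_deflate_block(blob, hdr["deflate_offset"]))
    # Changing byte 0x0a of the -n archive rewrites the deflate block header.
    for v in (0x07, 0x01):
        m = with_byte(EMPTY_GZ, 0x0A, v)
        print(hex(v), first_deflate_block(m, 0x0A)["kind"], "->", safe_decompress(m)[0])
    print("cut short ->", safe_decompress(EMPTY_GZ[:-3])[0])
```

Running it shows the two cases a decoder must survive: an altered first byte that selects the reserved block type 3 (or a stored block whose LEN/NLEN pair no longer matches) is reported as "corrupt", and a member with its trailer cut off is reported as "truncated", in both cases without the process going down. Run the decompressor with a bounded memory budget on untrusted input. 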