Bugtraq mailing list archives
Re: Gzip & segmentation faults
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Thu, 25 Dec 1997 12:31:54 -0500
> Of course it shouldn't be really dangerous, but I also found Attached example of 'evil' archive (Altered.gz) has been created by compressing empty file with gzip's -n switch. After all, byte at offset 0x0a (one of possibilities :) has been changed. Under Linux, attempt of unzipping or viewing this file will cause nice segmentation fault.

Under NT, it just throws an exception. Probably is exploitable if you dinked with it enough. Instruction well in the executable's range references memory at 0x1.

> MS-DOS gzip screws-up totally.

Considering that MS-DOS is relatively screwed up to begin with, and has few to no redeeming qualities, I don't find this surprising. Sigh - millions of buffer overruns everywhere, and not enough time to exploit them all.

David LeBlanc              |Why would you want to have your desktop user,
dleblanc () mindspring com |your mere mortals, messing around with a 32-bit
                           |minicomputer-class computing environment?
                           |Scott McNealy
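
An added illustration, not part of the original post: in the 20-byte archive that `gzip -n` produces for an empty file, offset 0x0a is the first byte of the DEFLATE stream, and its low three bits are the block header. The sketch below sweeps every value at that offset and checks that a decoder either accepts it or rejects it with a clean error. It assumes a constructed sample file, hypothetical helper names, and Python's zlib standing in as the decoder under test.

```python
import zlib

# Constructed sample: the 20 bytes `gzip -n` emits for an empty file on Unix.
#   0x00-0x09  header: magic 1f 8b, CM=8 (deflate), FLG=0, MTIME=0, XFL=0, OS=3
#   0x0a-0x0b  DEFLATE stream: 03 00 (final fixed-Huffman block, end-of-block)
#   0x0c-0x13  trailer: CRC32=0, ISIZE=0
EMPTY_GZ = bytes.fromhex("1f8b0800000000000003" "0300" "0000000000000000")
OFFSET = 0x0A  # offset named in the post


def describe_block_header(byte):
    """Decode the 3-bit DEFLATE block header held in the low bits of `byte`."""
    btype = ("stored", "fixed Huffman", "dynamic Huffman", "reserved")[(byte >> 1) & 3]
    return {"bfinal": byte & 1, "btype": btype}


def decode(data):
    """Run one decode attempt; return ('ok', payload) or ('rejected', reason)."""
    try:
        return "ok", zlib.decompress(data, wbits=31)  # wbits=31: expect gzip framing
    except zlib.error as exc:
        return "rejected", str(exc)


def sweep(offset=OFFSET):
    """Try all 256 values at `offset`; map value -> (status, detail)."""
    results = {}
    for value in range(256):
        mutated = bytearray(EMPTY_GZ)
        mutated[offset] = value
        results[value] = decode(bytes(mutated))
    return results


if __name__ == "__main__":
    results = sweep()
    accepted = [v for v, (status, _) in results.items() if status == "ok"]
    print("accepted values:", [hex(v) for v in accepted])
    for v in (0x00, 0x03, 0x05, 0x07):
        print(hex(v), describe_block_header(v), results[v])
```

A decoder that handles untrusted archives should pass this kind of sweep with nothing worse than a reported error for any value.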