Penetration Testing mailing list archives

Re: FAX virus

From: "M.B.Jr." <marcio.barbado () gmail com>
Date: Mon, 26 Nov 2007 17:18:51 -0200

Hi,

On Nov 21, 2007 9:56 AM, THORNTON Simon <Simon.THORNTON () swift com> wrote:

a G3 Fax (CCITT T.4)
transmission uses a modified form of TIFF file for each page image it
sends.


digital standard machines you mean, I suppose;
and maybe the TIFF format would be a potential vector;

see,
libtiff itself offers some ways to crash the rendering process:

http://secunia.com/advisories/15320/

and

http://secunia.com/advisories/21304/


guess it could be done, yes.






-- 
Marcio Barbado, Jr.

"In fact, companies that innovate on top of open standards are
advantaged because resources are freed up for higher-value work and
because market opportunities expand as the standards proliferate."
Scott Handy
Vice President Worldwide Linux and Open Source, IBM

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

Re: FAX virus cwright (Nov 18)
- RE: FAX virus Ramsdell, Scott (Nov 19)
  - Re: FAX virus M.B.Jr. (Nov 24)
  - Re: FAX virus Steve Friedl (Nov 27)
- RE: FAX virus THORNTON Simon (Nov 24)
  - Re: FAX virus M.B.Jr. (Nov 26)
- <Possible follow-ups>
- Re: RE: FAX virus cwright (Nov 19)
  - Re: FAX virus Alcides (Nov 24)