Bugtraq mailing list archives

Re: Gzip & segmentation faults


From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Thu, 25 Dec 1997 12:31:54 -0500


> Of course it shouldn't be really dangerous, but I also found
> The attached example of an 'evil' archive (Altered.gz) has been created by
> compressing an empty file with gzip's -n switch. After that, the byte at offset
> 0x0a (one of the possibilities :) has been changed.
> Under Linux, an attempt at unzipping or viewing this file will cause a
> nice segmentation fault.

Under NT, it just throws an exception.  It is probably exploitable if you
dinked with it enough.  An instruction well within the executable's range
references memory at 0x1.

> MS-DOS gzip screws up totally.

Considering that MS-DOS is relatively screwed up to begin with, and has few
to no redeeming qualities, I don't find this surprising.

Sigh - millions of buffer overruns everywhere, and not enough time to
exploit them all.


David LeBlanc           |Why would you want to have your desktop user,
dleblanc () mindspring com |your mere mortals, messing around with a 32-bit
                        |minicomputer-class computing environment?
                        |Scott McNealy
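A defensively written gzip member parser, added here as an example (it is neither code from this thread nor gzip's own), showing how the altered-byte case above becomes a rejection instead of a crash: every header field is bounds-checked and the deflate stream is decoded by zlib, which rejects invalid block codes. The 20-byte sample is constructed to match what `gzip -n` writes for an empty file (so offset 0x0a is the first deflate byte); `check_gzip_member` and the constant names are this example's own.

```python
import struct
import zlib

# Constructed sample of what `gzip -n` writes for an empty input: 10-byte header
# (ID1 ID2 CM FLG MTIME XFL OS; no name, zero mtime), the 2-byte deflate stream
# for empty input (final fixed-Huffman block + end-of-block), then CRC32, ISIZE.
EMPTY_GZ = (bytes([0x1F, 0x8B, 0x08, 0x00, 0, 0, 0, 0, 0x02, 0x03])
            + b"\x03\x00" + struct.pack("<II", 0, 0))

FHCRC, FEXTRA, FNAME, FCOMMENT, RESERVED = 0x02, 0x04, 0x08, 0x10, 0xE0


def check_gzip_member(buf):
    """Parse one gzip member defensively; return (ok, reason, payload)."""
    if len(buf) < 10:
        return False, "header truncated", None
    if buf[:3] != b"\x1f\x8b\x08":       # ID1, ID2, CM=8 (deflate)
        return False, "bad magic or compression method", None
    flg, pos = buf[3], 10
    if flg & RESERVED:
        return False, "reserved flag bits set", None
    if flg & FEXTRA:                     # 2-byte length, then that many bytes
        if len(buf) < pos + 2:
            return False, "FEXTRA length truncated", None
        pos += 2 + struct.unpack_from("<H", buf, pos)[0]
        if len(buf) < pos:
            return False, "FEXTRA data truncated", None
    for flag, name in ((FNAME, "FNAME"), (FCOMMENT, "FCOMMENT")):
        if flg & flag:                   # NUL-terminated; bounded search
            end = buf.find(b"\x00", pos)
            if end < 0:
                return False, name + " not NUL-terminated", None
            pos = end + 1
    if flg & FHCRC:                      # low 16 bits of CRC32 over the header
        pos += 2
        if len(buf) < pos or struct.unpack_from("<H", buf, pos - 2)[0] != (
                zlib.crc32(buf[:pos - 2]) & 0xFFFF):
            return False, "header CRC truncated or mismatched", None
    if len(buf) < pos + 8:
        return False, "no room for deflate data and trailer", None
    d = zlib.decompressobj(-15)          # raw deflate; zlib rejects bad block codes
    try:
        data = d.decompress(buf[pos:])
    except zlib.error as e:
        return False, "deflate error: %s" % e, None
    if not d.eof or len(d.unused_data) < 8:
        return False, "deflate stream or trailer incomplete", None
    crc, isize = struct.unpack("<II", d.unused_data[:8])
    if crc != zlib.crc32(data) or isize != (len(data) & 0xFFFFFFFF):
        return False, "CRC32/ISIZE mismatch", None
    return True, "ok", data
```

Flipping the byte at offset 0x0a to 0x07 sets the deflate block type to the reserved value 3, which this parser reports as a deflate error rather than dereferencing garbage.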


