[PLUG] First JPEG virus is out there

Daggett, Steve Steve.Daggett at fiserv.com
Tue Sep 28 11:01:02 PDT 2004
Bill Thoen asks:
> 
> On Tue, 28 Sep 2004, Paul Heinlein wrote:
> > Image files are parsed and "executed" by various rendering 
> > libraries. 
> > If those libraries don't do proper bounds checking, regardless of 
> > whether the host OS is Windows or Linux, a buffer overflow could 
> > occur.
> 
> So what do the bad guys actually do with a "buffer overflow"? 
> How does that run a virus installer instead of just crashing?

  Basically, any program that accepts an input can be buffer overflowed.
The overflow may contain an executable program, including an FTP client.  

I believe the definitive article is still the original from Phrack.  

	`smash the stack` [C programming] n. On many C implementations
	it is possible to corrupt the execution stack by writing past
	the end of an array declared auto in a routine.  Code that does
	this is said to smash the stack, and can cause return from the
	routine to jump to a random address.  This can produce some of
	the most insidious data-dependent bugs known to mankind.
	Variants include trash the stack, scribble the stack, mangle
	the stack; the term mung the stack is not used, as this is
	never done intentionally. See spam; see also alias bug,
	fandango on core, memory leak, precedence lossage, overrun screw.

Phrack 49
Smashing The Stack For Fun And Profit
http://www.phrack.org/show.php?p=49&a=14


Steve D...
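An added example (not from this thread or from any rendering library it mentions) of the kind of missing bounds check Paul describes, in C: a toy parser for a JPEG-style comment segment (two marker bytes, a 2-byte big-endian length that counts itself, then the comment), first written the unchecked way and then with the checks a parser needs before it copies. The segment layout and the sample bytes are constructed for illustration, not taken from a real file.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define COMMENT_BUF 8   /* small on purpose so a sample can exceed it */

/* Unchecked pattern: the 2-byte length comes straight from the file and
   sizes a copy into a fixed automatic array. A segment declaring more than
   COMMENT_BUF bytes writes past the array (smashing the stack, in the
   thread's terms); a declared length below 2 wraps to a huge value. */
size_t read_comment_unchecked(const uint8_t *seg)
{
    char buf[COMMENT_BUF];
    size_t body = (((size_t)seg[2] << 8) | seg[3]) - 2;
    memcpy(buf, seg + 4, body);     /* never compared with sizeof buf */
    return body;
}

/* Checked version: every quantity taken from the file is validated against
   what actually exists before anything is copied. Returns the comment
   length, or -1 for a malformed segment. */
int read_comment_checked(const uint8_t *seg, size_t seg_len,
                         char *out, size_t out_cap)
{
    if (seg_len < 4 || seg[0] != 0xFF || seg[1] != 0xFE)
        return -1;                  /* marker and length not both present */
    size_t declared = ((size_t)seg[2] << 8) | seg[3];
    if (declared < 2)
        return -1;                  /* subtracting 2 would wrap */
    size_t body = declared - 2;
    if (body > seg_len - 4)
        return -1;                  /* claims more bytes than the file holds */
    if (body > out_cap)
        return -1;                  /* does not fit the destination */
    memcpy(out, seg + 4, body);
    return (int)body;
}

/* Constructed sample segments, not real JPEG data. */
const uint8_t SEG_OK[]        = {0xFF, 0xFE, 0x00, 0x07, 'h', 'e', 'l', 'l', 'o'};
const uint8_t SEG_TRUNCATED[] = {0xFF, 0xFE, 0x00, 0x40, 'a', 'b', 'c'};   /* claims 62 bytes */
const uint8_t SEG_UNDERFLOW[] = {0xFF, 0xFE, 0x00, 0x01, 'x'};             /* length < 2 */
const uint8_t SEG_TOO_LONG[]  = {0xFF, 0xFE, 0x00, 0x0B, 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i'};

/* Runs the checked parser on one sample into a COMMENT_BUF-sized buffer. */
int verdict(const uint8_t *seg, size_t seg_len)
{
    char out[COMMENT_BUF];
    return read_comment_checked(seg, seg_len, out, sizeof out);
}
```

The unchecked function is safe only for the well-formed sample; the checked one rejects the truncated, underflowing and oversized segments instead of copying past the buffer.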