buffer overflow per last night

Author: der.hans
Date:  
To: quatsch
Subject: buffer overflow per last night
moin moin,

during Aaron's presentation last night we discussed how a static video or
image file could be used to infect a computer.

Here's a group that used a DNA sequence to exploit a buffer overflow in an
application that searches DNA sequences.

In this case they cheated, by adding the vulnerability, but it
demonstrates what we were discussing at the meeting last night.

----
“The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is
done in a fixed-size buffer that assumes a reasonable maximum read
length,” explained co-author Karl Koscher in response to my requests for
more technical information.

That makes it ripe for a basic buffer overflow attack in which programs
execute arbitrary code because it falls outside expected parameters. (They
cheated a little by introducing a particular vulnerability into the
software themselves, but they also point out that similar ones are present
elsewhere, just not as conveniently for purposes of demonstration.)
----

https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/#

ciao,

der.hans
--
# https://www.LuftHans.com https://www.PhxLinux.org
# You can't handle the source! - der.hans
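
The conversion step described in the quoted passage, with the length check that a fixed-size design leaves out when it trusts the read length. This is an added example, not code from the email, the article, or the researchers' software; the 2-bit encoding, the 128-base limit, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_READ_BASES 128                        /* assumed "reasonable maximum" */
#define PACKED_BYTES   ((MAX_READ_BASES + 3) / 4) /* four 2-bit bases per byte */

enum pack_status { PACK_OK = 0, PACK_TOO_LONG = -1, PACK_BAD_BASE = -2 };

/* Map one ASCII base to 2 bits (assumed encoding); -1 for anything else. */
static int base_to_bits(char c)
{
    switch (c) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1;
    }
}

/* Pack `len` bases from `read` into `out`, which holds `out_cap` bytes. */
enum pack_status pack_read(const char *read, size_t len,
                           uint8_t *out, size_t out_cap, size_t *packed_len)
{
    size_t needed = len / 4 + (len % 4 != 0);  /* cannot wrap around */
    /* Compare against the real capacity before the first write and
       reject the read outright instead of truncating or writing past it. */
    if (needed > out_cap)
        return PACK_TOO_LONG;
    memset(out, 0, out_cap);
    for (size_t i = 0; i < len; i++) {
        int bits = base_to_bits(read[i]);
        if (bits < 0)
            return PACK_BAD_BASE;              /* N, lowercase, control bytes */
        out[i / 4] |= (uint8_t)(bits << (6 - 2 * (i % 4)));
    }
    *packed_len = needed;
    return PACK_OK;
}

/* Caller that owns the fixed-size buffer: returns a negative status,
   or the first packed byte on success (0 for an empty read). */
int pack_fixed(const char *read)
{
    uint8_t buf[PACKED_BYTES];
    size_t n = 0;
    enum pack_status st = pack_read(read, strlen(read), buf, sizeof buf, &n);
    return st == PACK_OK ? (n ? buf[0] : 0) : (int)st;
}
```

The point is that the input's own length, not an assumed maximum, decides whether the write happens; an over-long read comes back as `PACK_TOO_LONG` and the buffer is never touched.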