buffer overflow per last night

der.hans PLUGd at LuftHans.com
Fri Aug 11 12:57:54 MST 2017


moin moin,

during Aaron's presentation last night we discussed how a static video or
image file could be used to infect a computer.

Here's a group that used a DNA sequence to exploit a buffer overflow in an
application that searches DNA sequences.

In this case they cheated, by adding the vulnerability, but it
demonstrates what we were discussing at the meeting last night.

----
“The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is
done in a fixed-size buffer that assumes a reasonable maximum read
length,” explained co-author Karl Koscher in response to my requests for
more technical information.

That makes it ripe for a basic buffer overflow attack in which programs
execute arbitrary code because it falls outside expected parameters. (They
cheated a little by introducing a particular vulnerability into the
software themselves, but they also point out that similar ones are present
elsewhere, just not as conveniently for purposes of demonstration.)
----

https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/#

ciao,

der.hans
-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  You can't handle the source! - der.hans
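
Added example, not part of the post above and not the researchers' code: the quoted description (ASCII As, Ts, Gs and Cs packed into a fixed-size buffer that assumes a maximum read length) sketched in C, with the unchecked conversion beside a version that validates the read first. The 2-bit encoding, the 64-base limit, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_READ_BASES 64                   /* assumed maximum read length */
#define PACKED_BYTES (MAX_READ_BASES / 4)   /* 2 bits per base */

/* Assumed encoding: A=0, C=1, G=2, T=3; -1 for any other character. */
static int base_code(char c) {
    switch (c) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1;
    }
}

/* Unchecked pattern: loops to the end of the read, so a read longer than
   MAX_READ_BASES writes past the end of out[]. */
void pack_read_unchecked(const char *read, uint8_t out[PACKED_BYTES]) {
    for (size_t i = 0; read[i] != '\0'; i++)
        out[i / 4] |= (uint8_t)((base_code(read[i]) & 3) << (2 * (i % 4)));
}

/* Checked version: rejects over-long reads and non-ACGT characters before
   touching the buffer. Returns bases packed, or -1 if the read is rejected. */
int pack_read_checked(const char *read, uint8_t *out, size_t out_len) {
    size_t n = strlen(read);
    if ((n + 3) / 4 > out_len)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (base_code(read[i]) < 0)
            return -1;
    memset(out, 0, out_len);
    for (size_t i = 0; i < n; i++)
        out[i / 4] |= (uint8_t)(base_code(read[i]) << (2 * (i % 4)));
    return (int)n;
}

int main(void) {
    uint8_t packed[PACKED_BYTES];
    char long_read[MAX_READ_BASES + 2];     /* constructed: 65 bases */
    memset(long_read, 'A', MAX_READ_BASES + 1);
    long_read[MAX_READ_BASES + 1] = '\0';
    printf("short read: %d\n", pack_read_checked("ACGT", packed, sizeof packed));
    printf("long read:  %d\n", pack_read_checked(long_read, packed, sizeof packed));
    return 0;
}
```

Building with -fsanitize=address and feeding the parser over-long reads in a test harness is a quick way to find unchecked loops like the first one in existing code.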

