

Re[2]: Microsoft FTP Client Multiple Bufferoverflow


Date: Thu, 29 Nov 2007 16:18:25 -0800
From: "Matthew Leeds" <mleeds@theleeds.net.>
To: "Steve Shockley" <steve.shockley@shockley.net.>,
Subject: Re[2]: Microsoft FTP Client Multiple Bufferoverflow
  Vulnerability

Given the past issues with .zip and .rar unpackers, unpacking an archive
should be considered a risky activity. In some sense, opening, accessing,
playing, or otherwise touching any file from an unknown source could be
considered risky. The list of issues with media files, archive files, (or
more accurately put, the applications that handle them) and the like is
too long to recite, but informative.

----------
---Matthew
*********** REPLY SEPARATOR  ***********

On 11/29/2007 at 6:09 PM Steve Shockley wrote:

>[email protected] wrote:
>>> An attacker who can convince an user to extract a specially crafted
>>> archive can overwrite arbitrary files with the permissions of the user
>>> running gtar.  If that user is root, the attacker can overwrite any
>>> file on the system.
>> 
>> Apparently, somebody at FreeBSD thinks "can be exploited if you trick the
>> user into doing something" is a valid attack vector.
>
>The difference is that I'd be surprised when I got 0wned by unpacking an 
>archive, and not all that surprised when I got 0wned by running a random 
>executable (script) file.




