OK
On pspupdates it's been announced that apparently an exploit has been found in libungif, in versions below 4.1.4 (released 10-19-2005).
Here's the link to the thread: http://forums.qj.net/showthread.php?t=28627
Here's a link to info about the exploit: http://www.frsirt.com/english/advisories/2005/2295
...and some "proof-of-concept" GIFs:
http://scary.beasts.org/misc/bad1.gif
http://scary.beasts.org/misc/bad2.gif
http://scary.beasts.org/misc/bad3.gif
Here's what is known:
GIFs "bad1" and "bad2" cause fw versions 2.01 and 2.5 to "freeze" and shut themselves down.
GIF "bad3" doesn't cause 2.01 to crash, but once you select it you get error code 00000001 (I don't know about 2.5).
These don't work on 2.6. That fw has been patched.
This exploit has led to code execution on computers.
Fanjita on pspupdates wrote this:
Quote:
    Exploiting this one isn't straightforward.
    It's being looked at, but due to the nature of the vulnerability (heap vs stack overflow, for a start), it's far from simple.
    I'm hoping something will come of this, but don't hold your breath.
    Incidentally, it looks like if it can be made to work, it would be good for at least 2.01 and 2.5. 2.6 seems to have fixed it, from what I remember.
And this:
Quote:
    It's been confirmed as fixed on 2.6 (and it makes sense, since the publicly-known vulnerability was fixed in libungif between the 2.5 and 2.6 release dates).
    To my knowledge it's not been discussed in any open forums. Most of the places that house sufficient knowledge to discuss this sort of thing productively don't like discussing exploits. And most decent hackers don't like to raise people's hopes before something has come of their ideas.
    Rest assured that it is being explored by talented coders, and that there's a decent chance of it turning out to be useful. But it's far from pretty to work with.
Just thought everyone should see this...
-Peace