Home page logo

bugtraq logo Bugtraq mailing list archives

Re: lynx - someone is deaf and blind ;)
From: stevev () HEXADECIMAL UOREGON EDU (Steve VanDevender)
Date: Wed, 8 Mar 2000 10:13:35 -0800

Mariusz Woloszyn writes:
It's true that lynx segfaults on long URLs, but exploiting it is (IMHO)
impossible because lynx strips all nonprintable characters thus smugling
RET address is impossible. I have never heard about ASCII only shellcode
also :)

I assume lynx bugs are unexploitable...

Don't bet on it.  For the x86, at least, it's not that hard to use only
the opcodes that are printable ASCII characters to write pretty much any
program you'd want; using self-modifying code you can generate the
opcodes that aren't in the printable ASCII set.  I've seen examples,
such as a printable-ASCII-only .COM file for bootstrapping a DOS Kermit

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]