OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: lynx - someone is deaf and blind ;)
From: Steve VanDevender (stevevHEXADECIMAL.UOREGON.EDU)
Date: Wed Mar 08 2000 - 12:13:35 CST


Mariusz Woloszyn writes:
> It's true that lynx segfaults on long URLs, but exploiting it is (IMHO)
> impossible because lynx strips all nonprintable characters thus smugling
> RET address is impossible. I have never heard about ASCII only shellcode
> also :)

> I assume lynx bugs are unexploitable...

Don't bet on it. For the x86, at least, it's not that hard to use only
the opcodes that are printable ASCII characters to write pretty much any
program you'd want; using self-modifying code you can generate the
opcodes that aren't in the printable ASCII set. I've seen examples,
such as a printable-ASCII-only .COM file for bootstrapping a DOS Kermit
distribution.