Flutterby™! : Exploit in strings

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Exploit in strings

2014-10-26 18:48:55.716173+00 by Dan Lyke 0 comments

Really? Don't run "strings" on untrusted files. Apparently at some point some yahoo had the brilliant idea to make the "strings" utility try to understand the structure of files, rather than just looking for strings. Bugs in "libfd" allows for arbitrary code execution from well crafted files.

"strings -a" does what "strings" should do, so is safe.

[ related topics: Bay Area ]

comments in ascending chronological order (reverse):