[linux] Best linux tools for removal of windows exploit files on pic CDRs ??

db dbota at att.net
Wed Aug 23 07:57:06 PDT 2006


Not sure how widely circulated the jpg exploits are but they do exist. 
*Exploit*-MS04-028 is one that was ID'd. 

That one won't harm a computer that is patched so my machine would not 
be affected by MS04-028 but I am still somewhat concerned about the 
potential harm I could visit on others who will receive my photos and 
might not have updated/patched their systems.

It may be that there is not a good solution for my situation and I
may need, from a practical point of view, to forget about ridding my
files of the jpg exploit possibility.  The fact that nothing came of
my google searches indicates there may not be a practical solution out
there ... but I was just posting in the hope there was.

As per your "write a cleaner" suggestion, I thank you for it but 
unfortunately, I have no favorite high-level language ... I am not a 
programmer.

db

Evan Martin wrote:
> Just some ideas, maybe bad ones:
>
> It looks like running "convert src.jpg dst.jpg" creates a new and
> different file of a different size.  (That's "convert" from
> ImageMagick, which is pretty common on Linux.)  Of course, you can't
> be sure that the exploit isn't somehow copied over as well... but I'm
> also skeptical that a jpeg exploit exists.  (Not really founded in
> anything, but I think I would've heard about it.  When that WMF
> problem was discovered, for example, it was used as an attack vector
> by an advertiser on MySpace.)
>
> Another option is to see what your virus scanner is complaining about,
> then read about the exploit and write a cleaner directly for it.  You
> can probably find easy-to-use jpeg-parsing libraries for your favorite
> high-level language.
>
> On 8/23/06, db <dbota at att.net> wrote:
>> Well back to square one.
>>
>> I did a test on a jpg file and converted it to a .png file so as to
>> rewrap it, (lose any potential jpg exploit while retaining pic
>> quality...) and the file was exactly almost 10 times the size as the
>> jpg.  Since I have 5 CDs worth of jpg files (about 2.5 GB's in all),
>> converting them would leave me with 25 GB's or 25 CD's worth of pic
>> files.  Way too much to deal with storage wise and everywise.
>>
>> Sounds like I can just copy and reburn the jpgs on the CD's while on a
>> linux machine and that will safely eliminate all non jpg exploits.   I
>> still don't however have a feasible work around that will allow me to
>> not pass on to potential non-patched windows machine any jpg exploits
>> that could exist on the CD's.
>>
>> Maybe there is no solution for this aspect?   Can anyone suggest any
>> other work arounds?
>> All will be appreciated.  Thanks,
>>
>> db
>>
>> Ethan Merritt wrote:
>> > On Monday 21 August 2006 02:00 pm, you wrote:
>> >
>> >> I could probably do that easy enough via a batch file conversion,
>> >> but because jpg is a lossy file type, wouldn't I experience a loss in
>> >> picture quality to all my files if I converted/resaved all the files??
>> >>
>> >
>> > The loss happens when you create a jpeg file.  You don't lose anything
>> > additional during readout or playback.  So if you convert from a lossy
>> > format (jpeg) to a loss-less format (png), you are OK.   Of course, the
>> > png file is bigger than the original jpeg, but that's the price you pay
>> > for loss-less storage.
>> >
>> >       EAM
>> >
>> >
>> >> I wouldn't mind losing quality to some infected files or even losing
>> >> them completely but if that is true I would rather try to avoid across
>> >> the board quality loss to all the jpg's.  (There are also a smaller
>> >> number of digital movie files on the CDs but I don't imagine they would
>> >> be an exploit problem in any case....)
>> >> db
>> >>
>> >> Ethan Merritt wrote:
>> >>
>> >>> On Monday 21 August 2006 12:18 pm, db wrote:
>> >>>
>> >>>> Thanks for the advice to simply use the Linux machine to copy the
>> >>>> files but it seems to rely on there being no jpg picture file
>> >>>> exploits.
>> >>>>
>> >>> That was why I suggested that you use the linux machine to convert
>> >>> the jpg files to something else.  Actually, you could "convert" from
>> >>> jpeg to another jpeg if you want.  The idea is that any exploit hiding
>> >>> in the original jpeg file is dependent on specially crafted envelope
>> >>> information in addition to the picture contents.  The conversion tool
>> >>> will generate new envelope information for the output image, so even
>> >>> if the picture contents were the same (but they won't be in the case
>> >>> of jpeg) it still would no longer be an exploit.
>> >>>
>> >>>
>> >>>> In
>> >>>> checking, I see that there are some jpg exploits  ...  admittedly they
>> >>>> surfaced in 2004   (*Exploit*-MS04-028) and an up to date  windows
>> >>>> machine has been patched for those but perhaps there are  new
>> >>>> variants?
>> >>>>
>> >>>> I would also prefer not to be possibly circulating a jpg exploit with
>> >>>> my pics that could compromise somebody's unpatched windows
>> >>>> computer...
>> >>>>
>> >>>> Does anyone have further info on the jpg exploit issue and linux tools
>> >>>> for culling windoze exploits from files?
>> >>>>
>> >>>> Thanks for all the info that's been volunteered ...
>> >>>>
>> >>>> db
>> >>>>
>> >>>> Chris DeVoney wrote:
>> >>>>
>> >>>>>> From: linux-bounces at mailman1.u.washington.edu
>> >>>>>> [mailto:linux-bounces at mailman1.u.washington.edu] On Behalf Of
>> >>>>>> Evan Martin
>> >>>>>> Sent: Sunday, August 20, 2006 6:34 PM
>> >>>>>>
>> >>>>>> Since (AFAIK) there are no exploits for jpegs (anyway, an
>> >>>>>> exploit would target a particular jpeg decoder, not jpegs
>> >>>>>> themselves), I'd copy all the images off the CD on a Linux
>> >>>>>> machine, then burn those to a new CD.
>> >>>>>>
>> >>>>> There was a buffer overflow exploit in Windows (CAN-2004-0200,
>> >>>>> MS04-028) patched long ago. Like you, I am unaware of any image
>> >>>>> exploit under Linux and second the motion of mounting the drive, copy
>> >>>>> off the JPEGs, and reburn. With modest precaution, you could even
>> >>>>> load the CD under Windows (just hold down that shift key) and copy
>> >>>>> off the JPEGS.
>> >>>>>
>> >>>>> I was looking at the reported list and wonder how did some of these get
>> >>>>> on the CD? The ones mentioned by db are mass-mailer vectored. Since
>> >>>>> they are not copied automatically when a disk is created, could they
>> >>>>> have been copied with the images?
>> >>>>>
>> >>>>> cdv
>> >>>>>
>> >>>>> Chris DeVoney
>> >>>>> Division of Metabolism, Endocrinology, and Nutrition
>> >>>>> UW School of Medicine
>> >>>>>
>> >
>> >
>>
>
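
Added example, not part of the original thread: one way to approach the "write a cleaner" idea in Python without re-encoding, so there is no quality loss or size blow-up. It walks the header segments (the "envelope information") before the first scan, flags length fields the JPEG format does not allow, and copies a file minus its comment segments; the function names and sample bytes are constructed for illustration, and this is a structural check, not a detector for any specific exploit.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def seg(marker, payload):  # builds well-formed segments for the samples below
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def walk_segments(data):
    """Yield (offset, marker, length_field) for each header segment up to SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF or marker in STANDALONE:  # fill byte or bare marker
            pos += 1 if marker == 0xFF else 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield pos, marker, length
        if length < 2 or marker == 0xDA:  # unparseable, or image data follows
            return
        pos += 2 + length

def find_bad_segments(data):
    """Return (offset, marker, reason) for every structurally invalid segment."""
    bad = []
    for pos, marker, length in walk_segments(data):
        if length < 2:  # the length field counts its own two bytes
            bad.append((pos, marker, "length field below 2"))
        elif pos + 2 + length > len(data):
            bad.append((pos, marker, "segment runs past end of file"))
    return bad

def strip_comments(data):
    """Copy the file without COM (0xFE) segments; image data is left untouched."""
    if find_bad_segments(data):
        raise ValueError("malformed segment: re-encode or discard the file")
    out, last = bytearray(), 0
    for pos, marker, length in walk_segments(data):
        if marker == 0xFE:
            out += data[last:pos]
            last = pos + 2 + length
    return bytes(out) + data[last:]

# Constructed samples, not real photos: a valid header chain and a malformed one.
APP0 = seg(0xE0, b"JFIF\x00" + bytes(9))
SAMPLE_OK = b"\xff\xd8" + APP0 + seg(0xFE, b"note") + seg(0xDA, bytes(10)) + b"\x00\xff\xd9"
SAMPLE_BAD = b"\xff\xd8" + APP0 + b"\xff\xfe\x00\x01" + bytes(8) + b"\xff\xd9"
```

Files that `find_bad_segments` flags are the ones worth re-encoding with `convert` or leaving off the new CD; the rest can be copied as they are or passed through `strip_comments`.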

