From: hgeiger at aerasec.de (Harald Geiger)
Subject: Re: Decompression Bombs

Oops, sorry. The link point to the old advisory. Correct is: 

For details see our full advisory:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.h 
tml 

On Tue, Feb 03, 2004 at 05:34:18PM +0100, Harald Geiger wrote:
> As a followup to
> http://lists.netsys.com/pipermail/full-disclosure/2004-January/015420.html
> where we pointed out vulnerabilities of some antivirus-gateways
> while decompressing bzip2-bombs, we were interested in the behaviour
> of various applications that process compressed data. 
> 
> It looks like not only bzip2 bombs, but also decompression bombs in
> general might cause problems. Compression is used in many applications,
> but hardly any maximum size limits are checked during the decompression
> of untrusted content. 
> 
> We've created several bombs (bzip2, gzip, zip, mime-embedded bombs,
> png and gif graphics, openoffice zip bombs).
> With these some more applications like additional antivirus engines,
> various web browsers, openoffice.org, and the Gimp have been tested. 
> 
> As a result, much more applications as we thought crashed. The
> manufacturers of Software should be more careful with the processing
> of untrusted input.

For details see our full advisory:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.h 
tml 

Harald Geiger 

-- 
Harald Geiger                                   Phone: +49-8102-895190
AERAsec Network Services and Security GmbH        Fax: +49-8102-895199
Wagenberger Stra?e 1
D-85662 Hohenbrunn                          E-Mail: hgeiger@...asec.de
Germany                                Internet: http://www.aerasec.de
PGP/GPG:         http://www.aerasec.de/wir/publickeys/HaraldGeiger.asc 

Powered by blists - more mailing lists