Open Source and information security mailing list archives
Message-ID: <401FCD8A.3090700@aerasec.de>
From: hgeiger at aerasec.de (Harald Geiger)
Subject: Decompression Bombs

As a follow-up to
http://lists.netsys.com/pipermail/full-disclosure/2004-January/015420.html
where we pointed out vulnerabilities in some antivirus gateways
while decompressing bzip2 bombs, we were interested in the behaviour
of various applications that process compressed data.

It looks like not only bzip2 bombs, but also decompression bombs in
general might cause problems. Compression is used in many applications,
but hardly any maximum size limits are checked during the decompression
of untrusted content.

We've created several bombs (bzip2, gzip, zip, MIME-embedded bombs,
PNG and GIF graphics, OpenOffice zip bombs).
With these, some more applications, such as additional antivirus engines,
various web browsers, OpenOffice.org, and the GIMP, have been tested.

As a result, many more applications than we had expected crashed.
Software manufacturers should be more careful with the processing
of untrusted input.

For details see our full advisory:
http://www.aerasec.de/security/advisories/bzip2bomb-antivirusengines.html

Harald Geiger

-- 
Harald Geiger                                   Phone: +49-8102-895190
AERAsec Network Services and Security GmbH        Fax: +49-8102-895199
Wagenberger Straße 1
D-85662 Hohenbrunn                          E-Mail: hgeiger@...asec.de
Germany                                Internet: http://www.aerasec.de
PGP/GPG:         http://www.aerasec.de/wir/publickeys/HaraldGeiger.asc
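The message above argues that decompressors rarely enforce a maximum output size on untrusted input. The following is an added example, not code from the advisory or from AERAsec, showing what such a check looks like for gzip streams: the input is inflated incrementally through zlib's `decompressobj`, and the caller's byte budget and a maximum compression ratio are checked after every chunk of output, so a bomb is rejected after a few chunks instead of after the whole payload has been allocated. The bomb and the "legitimate" log text are constructed in-process, and the budget values are arbitrary choices for the demonstration.

```python
"""Bounded gzip decompression: refuse input that inflates past a byte budget
or past a compression ratio, instead of trusting the stream's own claims.

Added example; all sample inputs are constructed in-process so it runs offline.
"""
import gzip
import zlib

# wbits = 16 + MAX_WBITS makes zlib read (and write) a gzip header and trailer.
GZIP_WBITS = zlib.MAX_WBITS | 16
CHUNK = 64 * 1024  # output granularity at which the budget is re-checked


class DecompressionBomb(Exception):
    """The stream would inflate beyond the caller's size or ratio budget."""


def make_bomb(inflated_size: int) -> bytes:
    """Constructed sample: a gzip member that inflates to `inflated_size` zero
    bytes. Runs of zeros deflate at roughly 1000:1, so 16 MiB becomes ~16 KiB."""
    comp = zlib.compressobj(9, zlib.DEFLATED, GZIP_WBITS)
    zeros = bytes(1 << 20)
    parts = []
    remaining = inflated_size
    while remaining > 0:
        n = min(remaining, len(zeros))
        parts.append(comp.compress(zeros[:n]))
        remaining -= n
    parts.append(comp.flush())
    return b"".join(parts)


def decompress_bounded(data: bytes, max_output: int, max_ratio: int = 100) -> bytes:
    """Inflate one gzip member incrementally, aborting as soon as the output
    exceeds `max_output` bytes or `max_ratio` times the input fed so far.

    Peak memory is bounded by max_output plus one CHUNK, regardless of what
    the attacker encoded in the stream."""
    d = zlib.decompressobj(GZIP_WBITS)
    out = bytearray()
    fed = 0
    for start in range(0, len(data), CHUNK):
        block = data[start:start + CHUNK]
        fed += len(block)
        while True:
            # max_length caps how much inflate may emit per call; the input
            # it did not get to comes back in unconsumed_tail.
            piece = d.decompress(block, CHUNK)
            out += piece
            if len(out) > max_output:
                raise DecompressionBomb(
                    f"output exceeds {max_output} bytes after {fed} input bytes")
            if len(out) > max_ratio * fed:
                raise DecompressionBomb(
                    f"ratio exceeds {max_ratio}:1 ({len(out)} out / {fed} in)")
            block = d.unconsumed_tail
            if d.eof or (not block and not piece):
                break
        if d.eof:
            break
    if not d.eof:
        raise ValueError("truncated or corrupt gzip stream")
    # d.unused_data would hold further gzip members; this helper ignores them.
    return bytes(out)


def is_bomb(data: bytes, max_output: int, max_ratio: int = 100) -> bool:
    """True if decompress_bounded rejects `data` under the given budget."""
    try:
        decompress_bounded(data, max_output, max_ratio)
    except DecompressionBomb:
        return True
    return False


# Constructed legitimate sample: ordinary log text compresses only a few times over.
SAMPLE_TEXT = b"".join(b"%06d GET /index.html 200 1234\n" % i for i in range(2000))
SAMPLE_GZ = gzip.compress(SAMPLE_TEXT)


def demo() -> None:
    bomb = make_bomb(16 << 20)
    print(f"bomb: {len(bomb)} compressed bytes, 16 MiB when inflated")
    print("bomb rejected with a 1 MiB budget:", is_bomb(bomb, max_output=1 << 20))
    print("bomb rejected by ratio alone (10:1):", is_bomb(bomb, 1 << 30, max_ratio=10))
    print("log text accepted:", decompress_bounded(SAMPLE_GZ, 1 << 20) == SAMPLE_TEXT)


if __name__ == "__main__":
    demo()
```

The ratio check uses bytes fed to zlib rather than bytes zlib has actually consumed, which makes it slightly lenient early in a stream; the size budget is the hard limit, and the ratio is a second tripwire that fires much earlier on a real bomb. Formats that nest compression (a zip inside a zip, compressed images inside an OpenOffice document) need the same budget applied at every layer.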