[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040203182437.9D5B6137E8@smtp2.aerasec.de>
From: hgeiger at aerasec.de (Harald Geiger)
Subject: Re: Decompression Bombs
Oops, sorry. The link point to the old advisory. Correct is:
For details see our full advisory:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.h
tml
On Tue, Feb 03, 2004 at 05:34:18PM +0100, Harald Geiger wrote:
> As a followup to
> http://lists.netsys.com/pipermail/full-disclosure/2004-January/015420.html
> where we pointed out vulnerabilities of some antivirus-gateways
> while decompressing bzip2-bombs, we were interested in the behaviour
> of various applications that process compressed data.
>
> It looks like not only bzip2 bombs, but also decompression bombs in
> general might cause problems. Compression is used in many applications,
> but hardly any maximum size limits are checked during the decompression
> of untrusted content.
>
> We've created several bombs (bzip2, gzip, zip, mime-embedded bombs,
> png and gif graphics, openoffice zip bombs).
> With these some more applications like additional antivirus engines,
> various web browsers, openoffice.org, and the Gimp have been tested.
>
> As a result, much more applications as we thought crashed. The
> manufacturers of Software should be more careful with the processing
> of untrusted input.
For details see our full advisory:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.h
tml
Harald Geiger
--
Harald Geiger Phone: +49-8102-895190
AERAsec Network Services and Security GmbH Fax: +49-8102-895199
Wagenberger Stra?e 1
D-85662 Hohenbrunn E-Mail: hgeiger@...asec.de
Germany Internet: http://www.aerasec.de
PGP/GPG: http://www.aerasec.de/wir/publickeys/HaraldGeiger.asc
Powered by blists - more mailing lists