[Full-Disclosure] Re: Decompression Bombs

["Harald Geiger" <hgeiger@aerasec.de>]

Oops, sorry. The link point to the old advisory. Correct is: 

For details see our full advisory:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.h 
tml 

On Tue, Feb 03, 2004 at 05:34:18PM +0100, Harald Geiger wrote:
> As a followup to
> http://lists.netsys.com/pipermail/full-disclosure/2004-January/015420.html
> where we pointed out vulnerabilities of some antivirus-gateways
> while decompressing bzip2-bombs, we were interested in the behaviour
> of various applications that process compressed data. 
>
> It looks like not only bzip2 bombs, but also decompression bombs in
> general might cause problems. Compression is used in many applications,
> but hardly any maximum size limits are checked during the decompression
> of untrusted content. 
>
> We've created several bombs (bzip2, gzip, zip, mime-embedded bombs,
> png and gif graphics, openoffice zip bombs).
> With these some more applications like additional antivirus engines,
> various web browsers, openoffice.org, and the Gimp have been tested. 
>
> As a result, much more applications as we thought crashed. The
> manufacturers of Software should be more careful with the processing
> of untrusted input.

For details see our full advisory:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.h 
tml 

Harald Geiger 

--
Harald Geiger                                   Phone: +49-8102-895190
AERAsec Network Services and Security GmbH        Fax: +49-8102-895199
Wagenberger Straße 1
D-85662 Hohenbrunn                          E-Mail: hgeiger@aerasec.de
Germany                                Internet: http://www.aerasec.de
PGP/GPG:         http://www.aerasec.de/wir/publickeys/HaraldGeiger.asc 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html