Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Decompression Bombs
From: Matthias Leu <mleu () aerasec de>
Date: Tue, 03 Feb 2004 18:04:09 +0100
As a followup to http://www.securityfocus.com/bid/9393/, where we pointed out vulnerabilities of some antivirus-gateways while decompressing bzip2-bombs, we were interested in the behaviour of various applications that process compressed data.
It looks as if not only bzip2 bombs, but also decompression bombs in general might cause problems. Compression is used in many applications, but hardly any maximum size limits are checked during the decompression of untrusted content.
We've created several bombs (bzip2, gzip, zip, mime-embedded bombs, png and gif graphics, openoffice zip bombs). With these we tested some more applications like additional antivirus engines, various web browsers, openoffice.org, and the Gimp.
As a result, much more applications as we thought crashed. The manufacturers of software should care more about the processing of untrusted input.
For details see our full advisory, written by Dr. Peter Bieringer: http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html 

Best regards,
Dr. Matthias Leu
--
AERAsec Network Services and Security GmbH
Wagenberger Strasse 1
D-85662 Hohenbrunn, Germany
http://www.aerasec.de

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]