[Dshield] Decompression Bombs

Jon R. Kibler Jon.Kibler at aset.com
Wed Feb 4 17:00:58 GMT 2004


I ran across this article in another maillist. Thought it may be of interest here.
	http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html

The bottom line: Take an extremely large file (100sGB) containing only a single byte value (such as x00), compress it, and you end up with a tiny file (~>64KB). Take that file and use it as an email attachment, part of a web page, etc., and when it is decompressed, it will crash the program that invoked the decompressor.

--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214



