[Dshield] Decompression Bombs

Brian Dessent brian at dessent.net
Thu Feb 5 13:57:12 GMT 2004

jayjwa wrote:

> > The bottom line: Take an extremely large file (100sGB) containing only a single byte value (such as x00), compress it, and you end up with a tiny file (~>64KB). Take that file and use it as an email attachment, part of a web page, etc., and when it is decompressed, it will crash the program that invoked the decompressor.
> lol...
> Not that I doubt you... I'm just trying to picture who sits around
> compressing 100gig+ files... my entire system sits on 3gig. That must be
> one lonely individual.

It's a vulnerability that could lead to a denial of service (or worse).
The person crafts the archive for the specific purpose of taking out the
target's mail server.  And they most certainly don't need to actually
create a 100GB file to create the archive.

That kind of attitude is not how you run a secure system.  "Aww gee,
this vulnerability sure would take a lot of effort to exploit... I mean
what kind of loser is going to sit around and determine the stack
location of some return address?  Man, what kind of lonely nerd makes
shellcode by hand?  Hehehe, he must have no life.  lol.  ...What do you
mean my server's been 0wned and is now serving warez?"
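
Added example, not part of the original message: a defender-side guard that inflates a zlib stream in fixed-size steps and refuses to produce more than a configured number of bytes, which is the check a mail or web scanner needs before handing an attachment to a decompressor. The function names, the 1 MiB cap and the 32 MiB sample are assumptions chosen for illustration; the sample stream is constructed in memory from zero-filled chunks.

```python
import zlib

class DecompressionLimitExceeded(Exception):
    """Raised when a stream would inflate past the configured cap."""

def bounded_decompress(data, max_output=1024 * 1024, step=64 * 1024):
    """Inflate a zlib stream, never holding more than max_output bytes."""
    d = zlib.decompressobj()
    out = bytearray()
    total = 0
    buf = data
    while not d.eof:
        # max_length=step caps what one call may emit; input that was not
        # needed yet is parked in d.unconsumed_tail for the next round.
        piece = d.decompress(buf, step)
        total += len(piece)
        if total > max_output:
            raise DecompressionLimitExceeded(
                f"{len(data)} compressed bytes inflate past {max_output}")
        out += piece
        buf = d.unconsumed_tail
        if not piece and not buf:
            # No output and no input left, yet no end-of-stream marker.
            raise ValueError("truncated or corrupt stream")
    return bytes(out)

def make_constructed_sample(total=32 * 1024 * 1024, chunk=1024 * 1024):
    """Constructed test input: `total` zero bytes, compressed chunk by chunk."""
    c = zlib.compressobj(9)
    zeros = bytes(chunk)
    parts = [c.compress(zeros) for _ in range(total // chunk)]
    parts.append(c.flush())
    return b"".join(parts)

if __name__ == "__main__":
    sample = make_constructed_sample()
    print("compressed size:", len(sample))
    try:
        bounded_decompress(sample)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
    print(bounded_decompress(zlib.compress(b"hello " * 100))[:12])
```

The cap is enforced on bytes actually produced, so a size field stored in the archive is never trusted.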


