[Dshield] Decompression Bombs

Alonzo Hess alonzo.hess at uavco.com
Fri Feb 6 19:15:38 GMT 2004


----- Original Message ----- 
From: "Bruyere, Michel" <mbruyere at ezemcanada.com>
To: "'General DShield Discussion List'" <list at dshield.org>
Sent: Friday, February 06, 2004 9:40 AM
Subject: RE: [Dshield] Decompression Bombs


> >
> > This has been known for some time. There's a .zip floating around called
> > 42.zip which does just that. It supposedly creates a hierarchy of files
> > totalling 4.5PB. That's Peta Bytes. Unverified, though...
> >
>
>
> The file contains 16 zipped files, which again contains 16 zipped files,
> which again contains 16 zipped files, which again contains 16 zipped files,
> which again contains 16 zipped files, which contain 1 file, with the size of
> 4.3GB.
>
> So, if you extract all files, you will most likely run out of space :-)
>
>
> 16 x 4294967295       = 68.719.476.720 (68GB)
> 16 x 68719476720      = 1.099.511.627.520 (1TB)
> 16 x 1099511627520    = 17.592.186.040.320 (17TB)
> 16 x 17592186040320   = 281.474.976.645.120 (281TB)
> 16 x 281474976645120  = 4.503.599.626.321.920 (4,5PB)
>
>
> McAfee nicely detected it as "ZIP-crash file"
>
Norton AV Corp edition 8.00.9374
Scan Engine 4.1.0.15
defs dated 2/5/04 rev5

scanned 4369 files and didn't complain about it.

Alonzo Hess Jr
Systems Administrator
United American Video
803.548.1056 xt1163
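
The nesting described in the quoted message is why a scanner has to bound expansion while it walks an archive instead of trusting the size of the outer file. The sketch below is an added example, not part of the original post and not the logic of any product named in it: `inspect`, `BombSuspected`, `make_nested` and the budget values are hypothetical names and assumptions, and the test fixture is constructed and deliberately small.

```python
import io
import zipfile

class BombSuspected(Exception):
    """Raised when an archive exceeds the inspection budget."""

def inspect(data, max_total=10 * 2**20, max_depth=3, max_files=1000):
    """Walk nested zips in memory; return (entries, expanded_bytes) or raise."""
    state = {"files": 0, "total": 0}

    def walk(blob, depth):
        if depth > max_depth:
            raise BombSuspected(f"nesting deeper than {max_depth}")
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                state["files"] += 1
                if state["files"] > max_files:
                    raise BombSuspected("too many entries")
                remaining = max_total - state["total"]
                # Reject on the declared size before decompressing anything.
                if info.file_size > remaining:
                    raise BombSuspected("declared size exceeds budget")
                # Declared sizes can be wrong, so cap the actual read too.
                with zf.open(info) as member:
                    body = member.read(remaining + 1)
                if len(body) > remaining:
                    raise BombSuspected("expanded size exceeds budget")
                state["total"] += len(body)
                if zipfile.is_zipfile(io.BytesIO(body)):
                    walk(body, depth + 1)

    walk(data, 1)
    return state["files"], state["total"]

def make_nested(levels, fanout, leaf_size):
    """Constructed fixture: one leaf file wrapped in `levels` layers of zips."""
    def pack(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for name, body in entries:
                zf.writestr(name, body)
        return buf.getvalue()

    blob = pack([("leaf.bin", b"\0" * leaf_size)])
    for _ in range(levels):
        blob = pack([(f"{i}.zip", blob) for i in range(fanout)])
    return blob
```

The budget is shared across the whole tree, so the walk stops as soon as the running total, the entry count or the nesting depth crosses its limit, however small the outer file is.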




