
Saturday, September 13, 2008

AERAsec - Network Security - Own Advisories

System: Several Anti-Virus Scanner Software, Web browsers, Applications, possibly other software classes
Topic: Possible Denial-of-Service caused by decompression bombs

URLs of this advisory:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html (HTML)
http://www.aerasec.de/security/advisories/txt/decompressionbomb-overview.txt (short overview in TXT)
See also: ae-200402-006

Decompression bomb vulnerabilities

(P) & (C) 2004-2008, AERAsec Network Services and Security GmbH. The information in this advisory may be freely distributed or reproduced, provided that the advisory is not modified in any way.


http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html

Zip bomb
From Wikipedia, the free encyclopedia

A zip bomb, also known as a Zip of Death, is a type of denial of service attack. Specifically, it is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, so that a more traditional virus sent afterwards could get through undetected.

Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.

A zip bomb is usually a small file (up to a few hundred kilobytes) for ease of transport and to avoid suspicion. However, when the file is unpacked its contents are more than the system can handle.

http://en.wikipedia.org/wiki/Zip_bomb
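
As an added example (not part of the quoted advisory or Wikipedia text), here is one way a scanner or HTTP client can avoid the resource exhaustion described above: inflate in bounded chunks and stop once the output passes an absolute size or an expansion ratio. The function names, the limits and the sample inputs are assumptions chosen for illustration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """Stream expanded past a limit; .produced is the byte count inflated before stopping."""

    def __init__(self, reason, produced):
        super().__init__(f"{reason} after {produced} bytes")
        self.reason = reason
        self.produced = produced


def bounded_inflate(data, max_output=16 * 2**20, max_ratio=200, chunk=64 * 1024):
    """Inflate gzip- or zlib-wrapped data, stopping as soon as a limit is crossed."""
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32)  # 32: auto-detect gzip/zlib header
    out = bytearray()
    buf = data
    while not d.eof:
        # max_length=chunk bounds how much a single call may produce.
        piece = d.decompress(buf, chunk)
        buf = d.unconsumed_tail
        if not piece and not buf:
            raise ValueError("truncated compressed stream")
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded("output size limit", len(out))
        if len(out) > max_ratio * len(data):
            raise DecompressionLimitExceeded("expansion ratio limit", len(out))
    return bytes(out)


def constructed_samples():
    """Constructed inputs: ordinary text, and 8 MiB of zero bytes (about 1000:1)."""
    normal = gzip.compress(b"GET /index.html HTTP/1.1\r\n" * 40)
    oversized = gzip.compress(b"\0" * (8 * 2**20))
    return normal, oversized


if __name__ == "__main__":
    normal, oversized = constructed_samples()
    print(len(bounded_inflate(normal)), "bytes from", len(normal))
    try:
        bounded_inflate(oversized, max_output=2**20)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The check runs after every chunk, so the work done on a rejected stream is bounded by the limit plus one chunk rather than by the size the archive claims or expands to.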


Know This Term : "Decompression Bomb"

Yeah really! Just a couple minutes ago, I was running a full system scan with my avast! Antivirus; no malware was found (as usual!), but there was something really funny (or really dangerous) in the results log. Check out the screenshot yourself:


I had never heard of this term before, so I immediately fired up a Google search. This is what Wikipedia has to say about these cyber bombs:

A decompression bomb is a type of denial-of-service attack, in which a small compressed file expands to an enormous size, requiring large amounts of system resources and possibly causing the software or the entire system to hang. All major web browsers are vulnerable to the attack, which may be launched merely by visiting a malicious website using the standard gzip transfer encoding.

These definitely seem to be severe problems, but I have little to worry about because the 'bombs' in my PC are just the Linux ISO files (the last things you would associate the term 'malware' with). However, if you encounter real decompression bomb files in your PC, make sure you delete those immediately, because the next time you try, it might have already exploded!

http://pctonic.blogspot.com/2008/07/know-this-term-decompression-bomb.html
--
Don Bishop E-Mail Sig Web Site Links 08-10-08
God Bless,

Don
