Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes show up immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in a widely used platform or program, that does not mean this particular platform or program is safe to use!


Chosen message with ID ae-200402-006

System: Several applications
Topic: Possible Denial-of-Service caused by decompression bomb
Links: AERAsec/decompression-bomb-vulnerability
ae-200401-020, BugTraq, SecurityFocus/Bugtraq VulnID 9393, FullDisclosure, Packet Storm,
HeiseNews, Heise PDA, Handelsblatt, KES, ComputerBase, KoSiB, IT-Audit,
PCWorld, TechWorld, InfoWorld.com, InfoWorld NL, ITworld, Computerworld, Business Network Communications, bmonday(dot)com, IDG SE, IDG SG, NetworkWorldFusion, ForbiddenWeb, TrimMail, YOZ, InformIT, DataCompression, The Spam Weblog,
LinuxNews PL, Kitetoa, PTnix, Radium Software Development JP,
Mozilla/Bugzilla#233262, amavisd-new
ID: ae-200402-006

Further investigation following the publication of the problems that antivirus scanner software has with bzip2 bombs produced interesting results. Several other applications also have no anomaly detection when opening compressed data. This mostly causes a crash or a filled-up temporary directory, which in many cases leaves the system unusable. We have investigated some applications (antivirus scanners, web browsers, image manipulation programs and office programs) and published the results in our advisory.
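The kind of anomaly detection described above as missing can be sketched as follows. This is an added example, not code from the AERAsec advisory or from any of the affected products; the function name and all limit values are assumptions chosen for illustration. It decompresses bzip2 data in bounded steps and gives up as soon as the output size or the output-to-input ratio exceeds policy.

```python
import bz2


class DecompressionLimitExceeded(Exception):
    """The stream tripped a size or ratio limit and was abandoned."""


def safe_bunzip2(data, max_output=1_000_000, max_ratio=200,
                 ratio_floor=64 * 1024, chunk=64 * 1024):
    """Decompress one bzip2 stream in bounded steps.

    All limits are assumed policy values, not taken from the advisory:
      max_output  - hard cap on decompressed bytes kept in memory
      max_ratio   - cap on output bytes per input byte consumed
      ratio_floor - output size below which the ratio is not checked,
                    so small, highly regular files are not rejected
    """
    decomp = bz2.BZ2Decompressor()
    view = memoryview(data)
    out = bytearray()
    consumed = 0
    while not decomp.eof:
        if decomp.needs_input:
            if consumed >= len(view):
                raise ValueError("truncated bzip2 stream")
            piece = view[consumed:consumed + chunk]
            consumed += len(piece)
        else:
            piece = b""  # output still pending from earlier input
        # max_length bounds how much each call may hand back.
        out += decomp.decompress(piece, max_length=chunk)
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"output exceeds {max_output} bytes")
        if len(out) >= ratio_floor and len(out) > max_ratio * consumed:
            raise DecompressionLimitExceeded(
                f"ratio above {max_ratio}:1 after {consumed} input bytes")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 5 MB of zero bytes shrinks to a tiny input.
    sample = bz2.compress(b"\0" * 5_000_000)
    try:
        safe_bunzip2(sample)
    except DecompressionLimitExceeded as exc:
        print(f"{len(sample)}-byte input rejected: {exc}")
```

Only the first bzip2 stream in the input is decoded; a scanner that writes output to a temporary directory instead of memory would apply the same two checks to the bytes written.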



(c) 2000-2010 AERAsec Network Services and Security GmbH