BTW, there also seems to be a DoS issue fixed in bzip2 1.0.3:
Quote:
bzip2 decompression bomb vulnerability
======================================
Programs affected: bzip2 and programs which reuse bzip2
Severity: Decompression bomb leading to DoS
Discovered date: May 4th 2005
Vendor notified date: May 4th 2005
Updates being released (issue out of the bag): May 20th 2005
Whilst playing with "random bitflipping" technology, an effective decompression bomb attack against bzip2 was identified. bzip2 can be made to decompress into a file indefinitely when it encounters a suitably corrupt bzip2 archive.
This vulnerability and allegedly others are already fixed in v1.0.3. However, the uptake of v1.0.3 has been slow; there does not seem to be an awareness that v1.0.3 fixes security issues. Security updates are required and vendors need to check their codebases for static copies of bzip code.
http://scary.beasts.org/security/CESA-2005-002.txt
There's a decompression bomb demo here:
http://scary.beasts.org/misc/bomb.bz2
Here's the Secunia advisory:
http://secunia.com/advisories/15447/
And the CVE CAN:
http://cve.mitre.org/cgi-bin/cvename...=CAN-2005-1260
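
As an added example (not part of the original post or the quoted advisory): besides updating to 1.0.3, a program that decompresses untrusted bzip2 data can cap the output it will accept, which is the general defence against input that expands without bound. The function name, exception class and limits below are assumptions chosen for illustration, and the sample inputs are constructed in the code.

```python
import bz2


class OutputLimitExceeded(Exception):
    """Raised when decompressed output would exceed the caller's cap."""


def bounded_bz2_decompress(data: bytes, max_output: int,
                           chunk: int = 64 * 1024) -> bytes:
    """Decompress one bzip2 stream, producing at most max_output bytes.

    Output is pulled in bounded pieces via max_length, so memory use stays
    near the cap even when a few bytes of input expand to gigabytes.
    Data after the end of the first stream is ignored.
    """
    dec = bz2.BZ2Decompressor()
    out = bytearray()
    feed = data
    while not dec.eof:
        # Request one byte past the remaining budget so overflow is detectable.
        want = min(chunk, max_output - len(out) + 1)
        piece = dec.decompress(feed, max_length=want)
        feed = b""  # unconsumed input is buffered inside the decompressor
        out += piece
        if len(out) > max_output:
            raise OutputLimitExceeded(
                f"output exceeds {max_output} bytes "
                f"from {len(data)} bytes of input")
        if not piece and dec.needs_input and not dec.eof:
            # No progress and no more input to give: the stream is cut short.
            raise ValueError("truncated bzip2 stream")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 5 MB of zero bytes shrinks to a tiny archive.
    archive = bz2.compress(b"\0" * 5_000_000)
    print("compressed size:", len(archive))
    try:
        bounded_bz2_decompress(archive, max_output=1_000_000)
    except OutputLimitExceeded as exc:
        print("rejected:", exc)
```

Corrupt input that the library itself detects still surfaces as the `OSError` raised by the `bz2` module; the cap only bounds how much output is accepted before giving up.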