Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Unzip of Death? SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Unzip of Death?

Buffer overflows and erratic behavior in decompression routines and unpackers are nothing new really, but CERT-FI (Finland) still has added a nice twist by providing a library of "fuzzed" (deliberately and randomly wrong) archive format test files.  www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html .  The patches that F-Secure AV released earlier today seem to be related to this issue - but I frankly rather have my AV listed as "affected, patch available" than as "unknown"....

Daniel

367 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!