Vigil@nce - Apache Ant, Commons Compress: denial of service via bzip2
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When an attacker can transmit data to compress by bzip2 to Apache
Ant or Apache Commons Compress, he can create a denial of service.
Severity: 1/4
Creation date: 24/05/2012
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The bzip2 compression algorithm uses the Burrows-Wheeler
Transformation (BWT). This transformation groups successive
characters, in order to facilitate their compression. The
transformation of a string of length N:
– generates the N rotations of this string
– sorts these N lines
– obtains the N last characters (which are the characters before
the first sorted character)
– create a new string containing these N characters
Thus, if the original string contains several times the word "TO",
the resulting string contains several successive "T".
In this algorithm, sorting is the most resource consuming
operation. However, if input data are repetitive, the sorting
algorithm implemented in Apache Ant and Apache Commons Compress is
not efficient, and no fall-back algorithm is used (as in bzip2
tools).
When an attacker can transmit data to compress by bzip2 to Apache
Ant or Apache Commons Compress, he can therefore create a denial
of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-Ant-Commons-Compress-denial-of-service-via-bzip2-11654