Decades-Old Vulnerability Threatens 'Internet Of Things' (Dark Reading)

[Security] Posted Jun 26, 2014 21:17 UTC (Thu) by jake

Dark Reading writes about a newly-discovered bug that has existed for 20 years in multiple LZO compression implementations. "Patches for the integer overflow bug, which allows an attacker to cripple systems running the so-called Lempel-Ziv-Oberhumer (LZO) code with denial-of-service type attacks as well as remote code execution, were issued the past few days for the Linux kernel, as well as for various open-source media libraries. LZO handles high-speed compression and decompression of IP network traffic and files, typically images, in embedded systems. 'The most popular use is in image data, decompressing photos taken, raw images taken from a camera or video stream,' says Don Bailey, mobile and embedded systems security expert with Lab Mouse Security, who discovered the vulnerability while manually auditing the code."

Comments (17 posted)