lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Jun 2004 15:28:32 -0700 From: "Messer, Jon" <JMesser@...co.com> To: "'bugtraq@...urityfocus.com'" <bugtraq@...urityfocus.com> Subject: RE: Multiple Antivirus Scanners DoS attack. Symantec AV Corporate version 8 doesnt seem to be affected. I scanned the blackhole.zip file and SAV corp v8 blew right through all levels of the compression and found and quarantined the EICAR test strings. -----Original Message----- From: Ethy H. Brito [mailto:ethy@...xo.com.br] Sent: Monday, June 14, 2004 10:48 AM To: bugtraq@...urityfocus.com Subject: Re: Multiple Antivirus Scanners DoS attack. On Mon, 14 Jun 2004 14:38:50 +0000 "bipin gautam" <visitbipin@...mail.com> wrote: > Multiple Antivirus Scanners DoS attack. > > --- [Vulnerable Products] --- > Only tested on... > > * Norton Antivirus 2002 > * Norton Antivirus 2003 > * Mcafee VirusScan 6 > * Network Associates (McAfee) VirusScan Enterprise 7.1 > * Windows Xp default ZIP manager [report's wrong size of compress ZIP > files.] Linux uvscan scan engine 4.3.20 (MacAfee) is also vulnerable. uvscan takes all CPU and lots of memory been only killed with signal 9 from another terminal. from 'top': PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 1306 nobody 15 0 22744 21M 1648 R 97.4 35.6 0:44 0 uvscan nobody@...alu:/usr/local/uvscan# ./uvscan -v -r --analyze --unzip BlackHole.zip Scanning BlackHole.zip Scanning file BlackHole.zip Scanning file BlackHole.zip/~.BZ2 ..... stalls here ..... -- Ethy H. Brito /"\ InterNexo Ltda. \ / CAMPANHA DA FITA ASCII - CONTRA MAIL HTML +55 (12) 3941-6860 X ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL S.J.Campos - Brasil / \
Powered by blists - more mailing lists