lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 14 Jun 2004 15:28:32 -0700
From: "Messer, Jon" <JMesser@...co.com>
To: "'bugtraq@...urityfocus.com'" <bugtraq@...urityfocus.com>
Subject: RE: Multiple Antivirus Scanners DoS attack.


Symantec AV Corporate version 8 doesnt seem to be affected. I scanned the
blackhole.zip file and SAV corp v8 blew right through all levels of the
compression and found and quarantined the EICAR test strings.

-----Original Message-----
From: Ethy H. Brito [mailto:ethy@...xo.com.br]
Sent: Monday, June 14, 2004 10:48 AM
To: bugtraq@...urityfocus.com
Subject: Re: Multiple Antivirus Scanners DoS attack.


On Mon, 14 Jun 2004 14:38:50 +0000
"bipin gautam" <visitbipin@...mail.com> wrote:

> Multiple Antivirus Scanners DoS attack.
> 
> --- [Vulnerable Products] ---
>       Only tested on...
> 
> * Norton Antivirus 2002
> * Norton Antivirus 2003
> * Mcafee VirusScan 6
> * Network Associates (McAfee) VirusScan Enterprise 7.1
> * Windows Xp default ZIP manager [report's wrong size of compress ZIP 
> files.]

Linux uvscan scan engine 4.3.20 (MacAfee) is also vulnerable.
uvscan takes all CPU and lots of memory been only killed with signal 9 from
another terminal.

from 'top':
 PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
1306 nobody    15   0 22744  21M  1648 R    97.4 35.6   0:44   0 uvscan

nobody@...alu:/usr/local/uvscan# ./uvscan -v -r --analyze --unzip
BlackHole.zip 
Scanning BlackHole.zip
Scanning file BlackHole.zip
Scanning file BlackHole.zip/~.BZ2
  ..... stalls here .....

-- 

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \ 


Powered by blists - more mailing lists