lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 16 Jul 2004 15:13:56 -0000
From: Bipin Gautam <visitbipin@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]


In-Reply-To: <OF4FE03EE4.3D6B6CBB-ON88256ED0.00717712-87256ED0.0077C6E6@...antec.com>



there has been reports norton AntiVirus 2004 and norton AntiVirus 2005 (beta) is also prone to the exploit. 

It's always hard to handle such tricks unless you specify a timeout value to scan a particular file. But, i doubt if this the right way to handle any file!

even if we impliment signatures for archive bombs, there are 10's of possibility to make..... again something different that the AV wont detect. )O;

bipin 
>
>Symantec is aware and currently investigating this issue.
>
>- - ------------------------------------------------------------------
>Symantec Product Security Team
>Symantec takes the security of our products seriously and is a
>responsible disclosure company.  You can view our response policies
>at http://www.symantec.com/security. 
>We will work directly with anyone who believes they have found a
>security issue in a Symantec product to validate the problem and
>coordinate any  response deemed necessary. 
>
>Please contact secure@...antec.com concerning security issues with
>Symantec products.
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 8.0.2
>
>iQA/AwUBQPRYmgLsezw0Sg5hEQKMXwCfXBaa1eTtyUwKGQvP/ntZoLoIzt0AoLk+
>HFxGjSMoFD1pi21ZCnjkw3VG
>=Et3m
>-----END PGP SIGNATURE-----
>


Powered by blists - more mailing lists