lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: 3 Mar 2006 20:59:58 -0000
From: Michael.Lang@...kal-net.at
To: bugtraq@...urityfocus.com
Subject: Kaspersky Memory/CPU Usage Leak by design


Hi,

i've recently discovered a design problem in Kaspersky AV Scanner. Original seen on FileScanner for Unix 5.0.5 the Problematic files are also screewing up the latest 5.5.3 Version.

AS i didnt find an offical way to deploy this at Kaspersky i hope someone from them will read this 
and contact me to get a POC. 

Therefore not all details will be shown here to avoid massive attacks.
The file(s) are 1.6M of size and dont contain suspicous content.

calling 3 kavscanner instances already renders a P4 2.4Ghz Machine with 512Mb Ram useless after a few seconds.
A POC flashcapture is located at http://www.jackal-net.at/KasperskyLeakPOC.swf

did anyone else encountered a similar problem ?
ClamAV works fine on the same Files.

Kind Regards
Michael Lang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ