lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 14 Jun 2004 14:38:50 +0000
From: "bipin gautam" <visitbipin@...mail.com>
To: cert@...t.org, bugtraq@...urityfocus.com
Cc: wk@....org, vulndiscuss@...nwatch.org,
	vulndiscuss-owner@...nwatch.org
Subject: Multiple Antivirus Scanners DoS attack.


Multiple Antivirus Scanners DoS attack.

--- [Vulnerable Products] ---
      Only tested on...

* Norton Antivirus 2002
* Norton Antivirus 2003
* Mcafee VirusScan 6
* Network Associates (McAfee) VirusScan Enterprise 7.1
* Windows Xp default ZIP manager [report's wrong size of compress ZIP 
files.]

There has been multiple reports [Unconfirmed]
*F-Prot 4.4.2 for Linux
*Panda Antivirus

Are vulnerable.


Risk Impact: Medium

--- [Details] ---

While having a manual scan of compressed files; several Antivirus, Trojan, 
Spy ware scanners suffer a DoS attack if the software tries to completely 
extract the archive and scan its content for a hostile file.

--- [Proof of Concept] ---
Please download this file.
http://www.geocities.com/visitbipin/SERVER_dwn.zip

Moreover it's not safe to set automatically 'Quarantine/delete' option set 
for your AV scanner as it may try to Quarantine the virus by extracting the 
archive.

-----------
Bipin Gautam
http://www.geocities.com/visitbipin/

Disclaimer: The information in the advisory is believed to be accurate at 
the time of printing based on currently available information. Use of the 
information constitutes acceptance for use in an AS IS condition. There are 
no warranties with regard to this information. Neither the author nor the 
publisher accepts any liability for any direct, indirect or consequential 
loss or damage arising from use of, or reliance on this information.

_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today! 
http://www.msn.co.uk/messenger

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ