| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jun 2004 06:02:12 -0400 From: "Brian Christmas" <bchristmas@...wardtechnology.net> To: <bugtraq@...urityfocus.com> Subject: RE: Multiple Antivirus Scanners DoS attack. Hello, Just tried this using PC-Cillin version 11.31 with def file of 1.905.00. With default settings real-time scan did not detect a virus in the zip file. Doing a manual scan hosed the PC. Tried to kill pc-cillin process but was unable to. Next I tested by maxing out the scan layer for both manual and real-time settings. Real-time detected the EICAR virus but was unable to quarantine or delete the file. As for the manual scan it again hosed my PC where the only thing I could do was a hard reboot. Will test this on Trend Micro's Client/Server/Messaging next. > -----Original Message----- > From: bipin gautam [mailto:visitbipin@...mail.com] > Sent: Monday, June 14, 2004 4:39 PM > To: cert@...t.org; bugtraq@...urityfocus.com > Cc: wk@....org; vulndiscuss@...nwatch.org; > vulndiscuss-owner@...nwatch.org > Subject: Multiple Antivirus Scanners DoS attack. > > Multiple Antivirus Scanners DoS attack. > > --- [Vulnerable Products] --- > Only tested on... > > * Norton Antivirus 2002 > * Norton Antivirus 2003 > * Mcafee VirusScan 6 > * Network Associates (McAfee) VirusScan Enterprise 7.1 > * Windows Xp default ZIP manager [report's wrong size of > compress ZIP files.] > > There has been multiple reports [Unconfirmed] *F-Prot 4.4.2 > for Linux *Panda Antivirus > > Are vulnerable. > > > Risk Impact: Medium > > --- [Details] --- > > While having a manual scan of compressed files; several > Antivirus, Trojan, Spy ware scanners suffer a DoS attack if > the software tries to completely extract the archive and scan > its content for a hostile file. > > --- [Proof of Concept] --- > Please download this file. > http://www.geocities.com/visitbipin/SERVER_dwn.zip > > Moreover it's not safe to set automatically > 'Quarantine/delete' option set for your AV scanner as it may > try to Quarantine the virus by extracting the archive. > > ----------- > Bipin Gautam > http://www.geocities.com/visitbipin/ > > Disclaimer: The information in the advisory is believed to be > accurate at the time of printing based on currently available > information. Use of the information constitutes acceptance > for use in an AS IS condition. There are no warranties with > regard to this information. Neither the author nor the > publisher accepts any liability for any direct, indirect or > consequential loss or damage arising from use of, or reliance > on this information. > > _________________________________________________________________ > It's fast, it's easy and it's free. Get MSN Messenger today! > http://www.msn.co.uk/messenger > >
Powered by blists - more mailing lists