lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <D8E31F31E72A1A46BDAE6D3FEDCD822DDCE9@dcroot.forwardtechnology.net>
Date: Wed, 16 Jun 2004 06:02:12 -0400
From: "Brian Christmas" <bchristmas@...wardtechnology.net>
To: <bugtraq@...urityfocus.com>
Subject: RE: Multiple Antivirus Scanners DoS attack.


Hello,

Just tried this using PC-Cillin version 11.31 with def file of 1.905.00.


With default settings real-time scan did not detect a virus in the zip
file.  Doing a manual scan hosed the PC.  Tried to kill pc-cillin
process but was unable to.  

Next I tested by maxing out the scan layer for both manual and real-time
settings.  Real-time detected the EICAR virus but was unable to
quarantine or delete the file.  As for the manual scan it again hosed my
PC where the only thing I could do was a hard reboot.

Will test this on Trend Micro's Client/Server/Messaging next.


> -----Original Message-----
> From: bipin gautam [mailto:visitbipin@...mail.com] 
> Sent: Monday, June 14, 2004 4:39 PM
> To: cert@...t.org; bugtraq@...urityfocus.com
> Cc: wk@....org; vulndiscuss@...nwatch.org; 
> vulndiscuss-owner@...nwatch.org
> Subject: Multiple Antivirus Scanners DoS attack.
> 
> Multiple Antivirus Scanners DoS attack.
> 
> --- [Vulnerable Products] ---
>       Only tested on...
> 
> * Norton Antivirus 2002
> * Norton Antivirus 2003
> * Mcafee VirusScan 6
> * Network Associates (McAfee) VirusScan Enterprise 7.1
> * Windows Xp default ZIP manager [report's wrong size of 
> compress ZIP files.]
> 
> There has been multiple reports [Unconfirmed] *F-Prot 4.4.2 
> for Linux *Panda Antivirus
> 
> Are vulnerable.
> 
> 
> Risk Impact: Medium
> 
> --- [Details] ---
> 
> While having a manual scan of compressed files; several 
> Antivirus, Trojan, Spy ware scanners suffer a DoS attack if 
> the software tries to completely extract the archive and scan 
> its content for a hostile file.
> 
> --- [Proof of Concept] ---
> Please download this file.
> http://www.geocities.com/visitbipin/SERVER_dwn.zip
> 
> Moreover it's not safe to set automatically 
> 'Quarantine/delete' option set for your AV scanner as it may 
> try to Quarantine the virus by extracting the archive.
> 
> -----------
> Bipin Gautam
> http://www.geocities.com/visitbipin/
> 
> Disclaimer: The information in the advisory is believed to be 
> accurate at the time of printing based on currently available 
> information. Use of the information constitutes acceptance 
> for use in an AS IS condition. There are no warranties with 
> regard to this information. Neither the author nor the 
> publisher accepts any liability for any direct, indirect or 
> consequential loss or damage arising from use of, or reliance 
> on this information.
> 
> _________________________________________________________________
> It's fast, it's easy and it's free. Get MSN Messenger today! 
> http://www.msn.co.uk/messenger
> 
> 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ