Message-ID: <20040615181856.8777.qmail@www.securityfocus.com>
Date: 15 Jun 2004 18:18:56 -0000
From: <jspanitz@...ls.com>
To: bugtraq@...urityfocus.com
Subject: Re: Multiple Antivirus Scanners DoS attack.


In-Reply-To: <BAY17-F32jMdiiRq5jP00147ef0@...mail.com>

CA eTrust Antivirus 7.0 SP2 scans and detects with no problems.
>
>Multiple Antivirus Scanners DoS attack.
>
>--- [Vulnerable Products] ---
>      Only tested on...
>
>* Norton Antivirus 2002
>* Norton Antivirus 2003
>* McAfee VirusScan 6
>* Network Associates (McAfee) VirusScan Enterprise 7.1
>* Windows XP default ZIP manager [reports wrong size of compressed ZIP 
>files.]
>
>There have been multiple reports [Unconfirmed]
>* F-Prot 4.4.2 for Linux
>* Panda Antivirus
>
>Are vulnerable.
>
>
>Risk Impact: Medium
>
>--- [Details] ---
>
>During a manual scan of compressed files, several antivirus, Trojan and 
>spyware scanners suffer a DoS attack if the software tries to completely 
>extract the archive and scan its contents for a hostile file.
>
>--- [Proof of Concept] ---
>Please download this file.
>http://www.geocities.com/visitbipin/SERVER_dwn.zip
>
>Moreover, it's not safe to have the automatic 'Quarantine/delete' option set 
>for your AV scanner, as it may try to quarantine the virus by extracting the 
>archive.
>
>-----------
>Bipin Gautam
>http://www.geocities.com/visitbipin/
>
>Disclaimer: The information in the advisory is believed to be accurate at 
>the time of printing based on currently available information. Use of the 
>information constitutes acceptance for use in an AS IS condition. There are 
>no warranties with regard to this information. Neither the author nor the 
>publisher accepts any liability for any direct, indirect or consequential 
>loss or damage arising from use of, or reliance on this information.
>
>
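
The failure mode in the quoted advisory comes from a scanner extracting an archive completely before inspecting it. The following is an added example, not part of either post and not any vendor's code: a ZIP scan loop that streams members under hard limits. The names `scan_zip_bounded`, `ArchiveLimitExceeded` and `make_zip`, and the two limit values, are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_TOTAL = 1024 * 1024  # assumed budget: decompressed bytes per archive
MAX_RATIO = 100          # assumed limit: declared size / compressed size
CHUNK = 64 * 1024

class ArchiveLimitExceeded(Exception):
    """Raised when an archive would cost more than the scanner's budget."""

def scan_zip_bounded(data, inspect, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Feed each member to inspect(name, chunk) in chunks; return bytes inspected."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Cheap pre-check. The sizes are declared by the archive itself,
            # so the byte counter below remains the authoritative limit.
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveLimitExceeded(f"{info.filename}: expansion ratio over limit")
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        raise ArchiveLimitExceeded(f"{info.filename}: byte budget exhausted")
                    inspect(info.filename, chunk)
    return total

def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "ordinary": make_zip({"readme.txt": b"hello world"}),
        "highly compressible": make_zip({"zeros.bin": b"\0" * (5 * 1024 * 1024)}),
    }
    for label, blob in samples.items():
        try:
            n = scan_zip_bounded(blob, lambda name, chunk: None)
            print(f"{label}: inspected {n} bytes")
        except ArchiveLimitExceeded as exc:
            print(f"{label}: refused ({exc})")
```

A refused archive is best reported as unscannable rather than clean, so that an over-budget file is not silently passed.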

