Message-ID: <20040615181856.8777.qmail@www.securityfocus.com>
Date: 15 Jun 2004 18:18:56 -0000
From: <jspanitz@...ls.com>
To: bugtraq@...urityfocus.com
Subject: Re: Multiple Antivirus Scanners DoS attack.
In-Reply-To: <BAY17-F32jMdiiRq5jP00147ef0@...mail.com>

CA eTrust Antivirus 7.0 SP2 scans and detects with no problems.
>
>Multiple Antivirus Scanners DoS attack.
>
>--- [Vulnerable Products] ---
> Only tested on...
>
>* Norton Antivirus 2002
>* Norton Antivirus 2003
>* McAfee VirusScan 6
>* Network Associates (McAfee) VirusScan Enterprise 7.1
>* Windows XP default ZIP manager [reports wrong size of compressed ZIP
>files.]
>
>There have been multiple reports [Unconfirmed]
>*F-Prot 4.4.2 for Linux
>*Panda Antivirus
>
>Are vulnerable.
>
>
>Risk Impact: Medium
>
>--- [Details] ---
>
>While running a manual scan of compressed files, several antivirus, Trojan
>and spyware scanners suffer a DoS attack if the software tries to completely
>extract the archive and scan its content for a hostile file.
>
>--- [Proof of Concept] ---
>Please download this file.
>http://www.geocities.com/visitbipin/SERVER_dwn.zip
>
>Moreover, it's not safe to have the automatic 'Quarantine/delete' option set
>for your AV scanner, as it may try to quarantine the virus by extracting the
>archive.
>
>-----------
>Bipin Gautam
>http://www.geocities.com/visitbipin/
>
>Disclaimer: The information in the advisory is believed to be accurate at
>the time of printing based on currently available information. Use of the
>information constitutes acceptance for use in an AS IS condition. There are
>no warranties with regard to this information. Neither the author nor the
>publisher accepts any liability for any direct, indirect or consequential
>loss or damage arising from use of, or reliance on this information.
>
>
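
Added example, not part of either post and not any vendor's code: a sketch of inspecting ZIP members under a fixed budget instead of extracting the archive completely, which is the behaviour the quoted Details section ties to the DoS. The limits, function names and sample archives are assumptions made for this example; the page does not describe the structure of the proof-of-concept file.

```python
import io
import zipfile

# Assumed budgets; tune to the scanning host's memory and time limits.
MAX_MEMBER_BYTES = 1 * 1024 * 1024
MAX_TOTAL_BYTES = 4 * 1024 * 1024
MAX_RATIO = 100          # declared uncompressed / compressed size
CHUNK = 64 * 1024


class ArchiveLimitExceeded(Exception):
    """The archive would exceed the scanner's extraction budget."""


def scan_zip_bounded(data, inspect=lambda name, chunk: None):
    """Stream each member through inspect() in chunks, never to disk.

    Returns the number of bytes inspected, or raises ArchiveLimitExceeded.
    """
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Declared sizes come from the archive itself, so they serve
            # only as a cheap early reject.
            if info.file_size > MAX_MEMBER_BYTES:
                raise ArchiveLimitExceeded(f"{info.filename}: declared size")
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveLimitExceeded(f"{info.filename}: declared ratio")
            member = 0
            with zf.open(info) as fh:
                # Count the bytes the decompressor actually produces.
                for chunk in iter(lambda: fh.read(CHUNK), b""):
                    member += len(chunk)
                    total += len(chunk)
                    if member > MAX_MEMBER_BYTES or total > MAX_TOTAL_BYTES:
                        raise ArchiveLimitExceeded(f"{info.filename}: output budget")
                    inspect(info.filename, chunk)
    return total


def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; constructed test input only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()
```

A scanner that hits `ArchiveLimitExceeded` can report the archive as unscannable rather than continuing to expand it, and the same budget applies to any quarantine step that unpacks the file.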