| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: npguy at websurfer.com.np (npguy) Subject: Multiple Antivirus Scanners DoS attack. [summery] well The advisory makes no details and seems to be very naive touch. On Monday 14 June 2004 02:13 pm, bipin gautam wrote: > Multiple Antivirus Scanners DoS attack. > > * F-Prot 4.4.2 for Linux linux F-Prot work perfectly well. Test before you make claims. > > * Rav Antivirus online Scanner [Couldn't complete the > scan...] > > * Windows Xp default ZIP manager [report's wrong size > of compress ZIP files.] if you mess with headers any compression API tells you the same wrong size. Check zlib, infoZip, rar, arj. There is no way to get detect these changes. Checking each file integrity against the header info will take significiant anount of time. Anyway like WinZIP the extraction routine seek file content until the the next header stats. So that the altered file size will not able to fool the routine i.e Design Error. I believe the this is also related with the same problem of WinRAR and it is also the same design error i believe. It trust the header info and start extracting the files. > > --- [Details] --- > While having a manual scan of compressed files; > several Antivirus, Trojan, Spy ware scanners suffer a > DoS attack if the software tries to completely extract > the archive and scan its content for a hostile file. > Those using infoZip and zlib library or even WinZIP as external extractor, won't suffer from this problem.
Powered by blists - more mailing lists