lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040709120347.52155.qmail@web20223.mail.yahoo.com>
From: visitbipin at yahoo.com (bipin gautam)
Subject: Re: Norton AntiVirus Scanner Remote DoS [temp. FIX!] [Part: !!!]

--- Stuart Moore <smoore@...urityglobal.net> wrote:
> Bipin,
> 
> Hi.  When I download
> http://www.geocities.com/visitbipin/EXTRACTit1st.zip
> and then extract 
> it to REVANGE_tmm.tar.bz2 and then run NAV on the
> bz2 file, Norton scans very quickly and 
> does not find any viruses.
> 
> Am I doing something wrong?  Is there really an
> EICAR string in REVANGE_tmm.tar.bz2?
> 
> Stuart
> 
> 

EXTRACTit1st.zip wasn't ment for Notron
antivirus........


> There is an option to allow users to abort the scan.
> Is it set ?

(O;

I don't think NAV engineers are still able to spot the
problem;
Lets HELP THEM OUT!

The problem doesn't lie within the NAV virus scan
engine; instead the 

problem lies within NAV file repair engine!

Well, within few seconds... after the AV scan have
started norton 

quickly scan's the infected file and smartly* skips
the empty folder 

within the zip archive!

But after norton detects virus in the archive it tries
to delete the 

virus within the archive, and re-create the
un-infected/fresh 

archive........ again!

The problem triggers when NAV tries to re-create the
50000 empty 

folders and construct the archive.

*ANY* av scanners that autometically tries to delete
the infected file 

and re-create the archive should be vulnerable to this
exploit!!!

Note: mark the fact... in the "AutoProtect Menu" of
the option tab in 

Norton AV the option........

*autometically repair the infected file <--- is set by
default!

you could temporarily be immune by this bug by setting
the option,

*deny access to the infected file. 

Did i just saved your MAIL SERVER???   (O; 

The compressed archive mustn't necessarily be a zip
archive to trigger 

this attack. You could experiment this with other
archive types......

HAS ANYONE TRIED THE EXPLOIT ON SOME OTHER AV
SCANNERS??????

These are time's when you want to download some other
AV scanners for a 30 days evaulation... There is a
high chance you may never switch back again!

bipin gautam
http://www.geocities.com/visitbipin/


		
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ