lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040709192836.5965.qmail@web20224.mail.yahoo.com>
From: visitbipin at yahoo.com (bipin gautam)
Subject: Multiple Antivirus Scanners DoS attack. [summery]

--- "Dr. Peter Bieringer" <pbieringer@...asec.de>
wrote:
> 
> 
> --On Montag, 14. Juni 2004 01:28 -0700 bipin gautam
> <visitbipin@...oo.com> 
> wrote:
> 
> > Multiple Antivirus Scanners DoS attack.
> 
> ...
> 
> What's *really* new to
>
<http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html>
> 
> ?
> 
> 	Peter
I had my eye on.....
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html#History

---snip----
History of this issue itself

    * early '90s: ARC/LZH/ZIP/RAR-Bombs were used in
DoS of Fidonet systems
    * 2002-01-01: Paul L. Daniels publishes first
version of 'arbomb' (Archive "Bomb" detection utility)
    * 2003-08-29: Posting by Steve Wray on mailinglist
FullDisclosure mentions a bzip2 bomb
    * 2003-09-01: AERAsec found that some antivirus
software is vulnerable against the posted bzip2 bomb
    * 2004-01-09: Publishing of the advisory
bzip2bomb-antivirusengines
    * 2004-01-15: Investigation of gzip'ed HTML and
PNG/GIF bombs
    * 2004-02-03: Publishing of this advisory

----snip--------
well... my advisory on winrar
http://www.securityfocus.com/bid/8572 was published
on,
2003-09-9

and was in informal discussion on AV/archive DoS
attack in the internet long before this published
date..
.
but looking at the history in your site........

# 2003-09-01: AERAsec found that some antivirus
software is vulnerable against the posted bzip2 bomb
# 2004-01-09: Publishing of the advisory
bzip2bomb-antivirusengines

-------------------

seems like, we were working parallel....... in the
nearly same work; right across the globe!
The av dos issue have also been addressed in, 
http://www.securityfocus.com/bid/8572/discussion/


see, your discussion on archive bomb [*.bz2] was
published.... very lately in,
2004-01-09: Publishing of the advisory
bzip2bomb-antivirusengines

(O; well..... see I DIDN'T TAKE ANY REFRENCE TO YOUR
ADVISORY...... cauz i knew/discussed about such issue
well far back , 2003-09-9
http://www.securityfocus.com/bid/8572 

_______________________________________________

When you first published your advisory in 2004 i also
thought this same thing,....... 

What's *really* new to
http://www.securityfocus.com/bid/8572 published in
2003

__________________________________
I don't think the AV vendors listened to either of US!
until......... this advisory SPECIALLY focused in this
topic. It's not necessary... two SQL injection, even
while using same parameters can be stated... THEY ARE
SAME!!!

__________________________________________________
 
Hay guy, let's focus on the current issue for the time
being!

Norton Antivirus Remote Denial of service
Vulnerability 
http://www.geocities.com/visitbipin/Nav_dos_part_3.html

please test it with other av products as well..., i
wonder why isn't there any coments/FINDINGS addressing
this current issue or has FD community stopped using
NAV.


bipin gautam


		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ