Re: [Full-Disclosure] Multiple Antivirus Scanners DoS attack. [summery]

Mon, 14 Jun 2004 07:07:25 -0700

You can dos any machine with big enough files if they run out of partition(linux) or hard disk or memory space(windows). I had somebody show me this with a 20 gig bzipped null character attachment last year on this list.

bipin gautam wrote:

Multiple Antivirus Scanners DoS attack.



--- [Vulnerable Products] ---

           Only tested on...

* Norton Antivirus 2002
* Norton Antivirus 2003

* Mcafee VirusScan 6 * Network Associates (McAfee) VirusScan Enterprise 7.1

* F-Prot 4.4.2 for Linux

* Rav Antivirus online Scanner [Couldn't complete the
scan...]

* Windows Xp default ZIP manager [report's wrong size
of compress ZIP files.]

Risk Impact: Medium

--- [Details] ---
While having a manual scan of compressed files;
several Antivirus, Trojan, Spy ware scanners suffer a
DoS attack if the software tries to completely extract
the archive and scan its content for a hostile file.

--- [Proof of Concept] ---

Please download this file.

http://www.geocities.com/visitbipin/SERVER_dwn.zip

Moreover it's not safe to set automatically
'Quarantine/delete' option set for your AV scanner as
it may try to Quarantine the virus by extracting the
archive.


-----------

Bipin Gautam
http://www.geocities.com/visitbipin/

Disclaimer: The information in the advisory is
believed to be accurate at the time of printing based
on currently available information. Use of the
information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this
information. Neither the author nor the publisher
accepts any liability for any direct, indirect or
consequential loss or damage arising from use of, or
reliance on this information.




__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


--
My "Foundation" verse:
Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to