there was a mistake while uploading the file, Now the link is fixed!!!
well, while scannng this archive NAV consumes 56MB of memory..... crafting a bigger archive may consume more memory!!! ps: the archive is not password protected, under certain condition some unzip utility... thinks a archive is password protected even while the archive isn't. ------------ bipin gautam --- "Peter B. Harvey (Information Security)" <[EMAIL PROTECTED]> wrote: > > Could you please password protect it and email it to > me. Ill test on Trend Micro. > > Peter > > -----Original Message----- > From: bipin gautam [mailto:[EMAIL PROTECTED] > Sent: Friday, July 09, 2004 10:40 AM > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] Norton AntiVirus Scanner > Remote Denial Of > ServiceVulnerability [Part: !!!] > > > Anti-Virus Scanner Remote Denial Of Service > Vulnerability [Part: !!!] > > *vulnerable [...only tested on!] > > Symantec Norton AntiVirus 2003 Professional Edition > Symantec Norton AntiVirus 2002 > > *not vulnerable > Mcafee 7* > Mcafee 8* > > Risk Impact: Medium > Remote: yes > > Description: > While having a virus scan [automatic/manual] of some > specially crafted compressed files; NAV triggers a > DoS > using 100% CPU for a very long time. Morover, NAV is > unable to stop the scan in middle, even if the user > wishes to manually stop the virus scan. Then, in > this > situation the only alternate is to kill the process. > --- [Proof of Concept] --- > Please download this file. > > http://www.geocities.com/visitbipin/av_bomb_3.zip > > <--- For symantec. > > > http://www.geocities.com/visitbipin/EXTRACTit1st.zip > <--- A bzip2 file, test it on other AV products, > too. > > The file contains, 'EICAR Test String' burried in > 49647 directories. This is just a RAW 'proof of > concept'. A few 100kb's of compressed file could be > crafted in a way... NAV will take hours or MIGHT > even > days to complete the scan causing 100% cup use in > email gateways for hours. The compressed archive > must > not necessarily be a '.zip' to trigger this attack. > > I've decided not to contact SYMANTEC in any of my > advisories since their "security responce team" is > too > slow to responce any reported incidence. PLEASE: > ...test this issue with other AV / trojan scanners > as > they might also be vulnerable. > > ----------- > Bipin Gautam > http://www.geocities.com/visitbipin/ > > Disclaimer: The information in the advisory is > believed to be accurate at the time of printing > based > on currently available information. Use of the > information constitutes acceptance for use in an AS > IS > condition. There are no warranties with regard to > this > information. Neither the author nor the publisher > accepts any liability for any direct, indirect or > consequential loss or damage arising from use of, or > reliance on this information. > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail is new and improved - Check it out! > http://promotions.yahoo.com/new_mail > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.netsys.com/full-disclosure-charter.html > > This correspondence is for the named persons only. > It may contain confidential or privileged > information or both. > No confidentiality or privilege is waived or lost by > any mis transmission. > If you receive this correspondence in error please > delete it from your system immediately and notify > the sender. > You must not disclose, copy or relay on any part of > this correspondence, if you are not the intended > recipient. > Any opinions expressed in this message are those of > the individual sender except where the sender > expressly, > and with the authority, states them to be the > opinions of the Department of Emergency Services, > Queensland. > __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
