[tanya-jawab] Fwd: Multiple Antivirus Scanners DoS attack.

Mon, 21 Jun 2004 01:51:44 -0700 

Halo,

Udah pada nyobain belum, men-scan SERVER_dwn.zip-nya bipin?
Dilaporkan ketika scan engine dari antivirus men-scan SERVER_dwn.zip, 
mengambil resource CPU dan memori banyak.
Salah satu yang dilaporkan adalah Linux uvscan McAffee, yang lainnya silahkan 
dilihat di archive milis bugtraq ato coba tes sendiri.
Kali aja ada pengguna yang pengen nyobain nge-DoS dengan nge-download ato 
ngirim SERVER_dwn.zip ato sejenisnya.

FYI, walau mungkin udah basi..

_stwn

----------  Forwarded Message  ----------

Subject: Multiple Antivirus Scanners DoS attack.
Date: Monday 14 June 2004 16:38
From: "bipin gautam" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]

Multiple Antivirus Scanners DoS attack.

--- [Vulnerable Products] ---
      Only tested on...

* Norton Antivirus 2002
* Norton Antivirus 2003
* Mcafee VirusScan 6
* Network Associates (McAfee) VirusScan Enterprise 7.1
* Windows Xp default ZIP manager [report's wrong size of compress ZIP
files.]

There has been multiple reports [Unconfirmed]
*F-Prot 4.4.2 for Linux
*Panda Antivirus

Are vulnerable.


Risk Impact: Medium

--- [Details] ---

While having a manual scan of compressed files; several Antivirus, Trojan,
Spy ware scanners suffer a DoS attack if the software tries to completely
extract the archive and scan its content for a hostile file.

--- [Proof of Concept] ---
Please download this file.
http://www.geocities.com/visitbipin/SERVER_dwn.zip

Moreover it's not safe to set automatically 'Quarantine/delete' option set
for your AV scanner as it may try to Quarantine the virus by extracting the
archive.

-----------
Bipin Gautam
http://www.geocities.com/visitbipin/

Disclaimer: The information in the advisory is believed to be accurate at
the time of printing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition. There are
no warranties with regard to this information. Neither the author nor the
publisher accepts any liability for any direct, indirect or consequential
loss or damage arising from use of, or reliance on this information.

-- 
Unsubscribe: kirim email kosong ke [EMAIL PROTECTED]
Arsip dan info di http://linux.or.id/milis.php
FAQ milis http://linux.or.id/faq.php

Kirim email ke