|
Bugtraq
mailing list archives
Re: Multiple Antivirus Scanners DoS attack.
From: "Ethy H. Brito" <ethy () inexo com br>
Date: Mon, 14 Jun 2004 14:48:09 -0300
On Mon, 14 Jun 2004 14:38:50 +0000
"bipin gautam" <visitbipin () hotmail com> wrote:
Multiple Antivirus Scanners DoS attack.
--- [Vulnerable Products] ---
Only tested on...
* Norton Antivirus 2002
* Norton Antivirus 2003
* Mcafee VirusScan 6
* Network Associates (McAfee) VirusScan Enterprise 7.1
* Windows Xp default ZIP manager [report's wrong size of compress ZIP
files.]
Linux uvscan scan engine 4.3.20 (MacAfee) is also vulnerable.
uvscan takes all CPU and lots of memory been only killed with signal 9 from another terminal.
from 'top':
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
1306 nobody 15 0 22744 21M 1648 R 97.4 35.6 0:44 0 uvscan
nobody () babalu:/usr/local/uvscan# ./uvscan -v -r --analyze --unzip BlackHole.zip
Scanning BlackHole.zip
Scanning file BlackHole.zip
Scanning file BlackHole.zip/~.BZ2
..... stalls here .....
--
Ethy H. Brito /"\
InterNexo Ltda. \ / CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860 X ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil / \
 By Date 
By Thread
Current thread:
| 
Intro
