Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Multiple Antivirus Scanners DoS attack. [summery]
From: bipin gautam <visitbipin () yahoo com>
Date: Fri, 9 Jul 2004 12:27:57 -0700 (PDT)

--- "Dr. Peter Bieringer" <pbieringer () aerasec de>
wrote:


--On Montag, 14. Juni 2004 01:28 -0700 bipin gautam
<visitbipin () yahoo com> 
wrote:

Multiple Antivirus Scanners DoS attack.

...

What's *really* new to

<http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html>

?

      Peter
I had my eye on.....
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html#History

---snip----
History of this issue itself

    * early '90s: ARC/LZH/ZIP/RAR-Bombs were used in
DoS of Fidonet systems
    * 2002-01-01: Paul L. Daniels publishes first
version of 'arbomb' (Archive "Bomb" detection utility)
    * 2003-08-29: Posting by Steve Wray on mailinglist
FullDisclosure mentions a bzip2 bomb
    * 2003-09-01: AERAsec found that some antivirus
software is vulnerable against the posted bzip2 bomb
    * 2004-01-09: Publishing of the advisory
bzip2bomb-antivirusengines
    * 2004-01-15: Investigation of gzip'ed HTML and
PNG/GIF bombs
    * 2004-02-03: Publishing of this advisory

----snip--------
well... my advisory on winrar
http://www.securityfocus.com/bid/8572 was published
on,
2003-09-9

and was in informal discussion on AV/archive DoS
attack in the internet long before this published
date..
.
but looking at the history in your site........

# 2003-09-01: AERAsec found that some antivirus
software is vulnerable against the posted bzip2 bomb
# 2004-01-09: Publishing of the advisory
bzip2bomb-antivirusengines

-------------------

seems like, we were working parallel....... in the
nearly same work; right across the globe!
The av dos issue have also been addressed in, 
http://www.securityfocus.com/bid/8572/discussion/


see, your discussion on archive bomb [*.bz2] was
published.... very lately in,
2004-01-09: Publishing of the advisory
bzip2bomb-antivirusengines

(O; well..... see I DIDN'T TAKE ANY REFRENCE TO YOUR
ADVISORY...... cauz i knew/discussed about such issue
well far back , 2003-09-9
http://www.securityfocus.com/bid/8572 

_______________________________________________

When you first published your advisory in 2004 i also
thought this same thing,....... 

What's *really* new to
http://www.securityfocus.com/bid/8572 published in
2003

__________________________________
I don't think the AV vendors listened to either of US!
until......... this advisory SPECIALLY focused in this
topic. It's not necessary... two SQL injection, even
while using same parameters can be stated... THEY ARE
SAME!!!

__________________________________________________
 
Hay guy, let's focus on the current issue for the time
being!

Norton Antivirus Remote Denial of service
Vulnerability 
http://www.geocities.com/visitbipin/Nav_dos_part_3.html

please test it with other av products as well..., i
wonder why isn't there any coments/FINDINGS addressing
this current issue or has FD community stopped using
NAV.


bipin gautam


                
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault