BugTraq
Multiple Antivirus Scanners DoS attack. Jun 14 2004 02:38PM
bipin gautam (visitbipin hotmail com) (2 replies)
Re: Multiple Antivirus Scanners DoS attack. Jun 16 2004 11:49AM
Tucker (sopapa perretta com ar) (1 replies)
Re: Multiple Antivirus Scanners DoS attack. Jun 17 2004 06:50AM
Jacek Osiecki (pingwinus poczta fm) (1 replies)
Re: Multiple Antivirus Scanners DoS attack. Jun 20 2004 09:51PM
Jason Haar (Jason Haar trimble co nz)
Re: Multiple Antivirus Scanners DoS attack. Jun 14 2004 05:48PM
Ethy H. Brito (ethy inexo com br) (1 replies)
On Mon, 14 Jun 2004 14:38:50 +0000
"bipin gautam" <visitbipin (at) hotmail (dot) com [email concealed]> wrote:

> Multiple Antivirus Scanners DoS attack.
>
> --- [Vulnerable Products] ---
> Only tested on...
>
> * Norton Antivirus 2002
> * Norton Antivirus 2003
> * Mcafee VirusScan 6
> * Network Associates (McAfee) VirusScan Enterprise 7.1
> * Windows Xp default ZIP manager [report's wrong size of compress ZIP
> files.]

Linux uvscan scan engine 4.3.20 (MacAfee) is also vulnerable.
uvscan takes all CPU and lots of memory been only killed with signal 9 from another terminal.

from 'top':
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
1306 nobody 15 0 22744 21M 1648 R 97.4 35.6 0:44 0 uvscan

nobody@babalu:/usr/local/uvscan# ./uvscan -v -r --analyze --unzip BlackHole.zip
Scanning BlackHole.zip
Scanning file BlackHole.zip
Scanning file BlackHole.zip/~.BZ2
..... stalls here .....

--

Ethy H. Brito /"InterNexo Ltda. \ / CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860 X ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil / \

[ reply ]
Re: Multiple Antivirus Scanners DoS attack. Jun 15 2004 05:48PM
Yosif Sleman (sleman compranet gob mx)


 

Privacy Statement
Copyright 2010, SecurityFocus