|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 80
Members: 0
Total: 80
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Multiple Antivirus Scanners DoS attack 16k = 1 terabyte |
|
Posted: Sun Jun 20, 2004 8:04 pm |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
Multiple Antivirus Scanners DoS attack
jejejej D0s attack your victim Combining social engineer and this file his victim is exposed to an attack
-- [Vulnerable Products] ---
Only tested on...
* Norton Antivirus 2002
* Norton Antivirus 2003
* Mcafee VirusScan 6
* Network Associates (McAfee) VirusScan Enterprise 7.1
* PC-Cillin 11.13
*Norton AV Corporate Ed. (version 7.60.926)
*Protector Plus
*MacAfee uvscan scan for Linux (4.3.20)
* Rav Antivirus online Scanner [Couldn't complete the scan...]
* Windows Xp default ZIP manager [report's wrong size of compress ZIP files.]
There has been multiple reports,
*Panda Antivirus
*DrWeb (http://www.drweb.ru/)
*AVG v7.0.251
Are vulnerable
--- [Details] ---
While having a manual scan of compressed files; several Antivirus, Trojan, Spy ware scanners suffer a DoS attack if the software tries to completely extract the archive and scan its content for a hostile file. Moreover, If you download such archives from an internet location, or copy/paste such files from a destination. Those Vulnerable "Antivirus Software?s" with their auto-protect engines active, may also trigger a DoS. An attacker can create a big file,
dd if=/dev/zero of=/crash bs=9999
and compress the file. [Well there are ways to squeeze a terabyte of such data to few kilobytes]
An attacker could construct such archive and if send to a vulnerable AV gateway, multiple of times may result in system un-stability, high CPU use for long time, system hang/crash etc...
Note: This is just a simple proof of concept, smaller archive >10kb can be created that contain a terabyte of data...
Moreover it's not safe to set automatically 'Quarantine/delete' option set for your AV scanner as it may try to Quarantine the virus by extracting the archive.
Direct download
www.sosvulnerable.com.ar/down/test.zip
Spanish version www.sosvulnerable.com.ar |
|
|
|
|
|
|
|
|
Posted: Sun Jun 20, 2004 10:02 pm |
|
|
vocal |
Regular user |
|
|
Joined: Jun 13, 2004 |
Posts: 18 |
|
|
|
|
|
|
|
I love this!!
Thx |
|
|
|
|
Posted: Sun Jun 20, 2004 10:15 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
Hehe..but how to compress 1 TB to 10 KB..(2 small HD)
|
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
Posted: Mon Jun 21, 2004 3:29 am |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
kapersky antivirus 5 detects like virus pump to it of archives
zone alarm 5 whit antivirus it does not detect it
forum member test decompress everything |
|
|
|
|
Posted: Mon Jun 21, 2004 4:21 pm |
|
|
vocal |
Regular user |
|
|
Joined: Jun 13, 2004 |
Posts: 18 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> All other security holes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|