hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
MindSmith
Jan 13 2004, 06:48 AM
tongue.gif

Bugtraq id 9393
Object
Class Failure to Handle Exceptional Conditions
Cve CVE-MAP-NOMATCH

Remotely Exploitable Yes
Locally Exloitable No
Published Jan 09, 2004
Updated Jan 10, 2004


Details:
Multiple vendor antivirus software applications have been reported to be prone to a denial of service vulnerability. This issue presents itself when an affected application attempts to decompress an excessively large bzip2 archive.

Kaspersky AntiVirus for Linux 5.0.1.0, Trend Micro InterScan VirusWall 3.8 Build 1130, and McAfee Virus Scan for Linux v4.16.0 have been reported to be prone to this issue, however, it is likely that other products are affected as well.

Exploit:

No exploit is required.

Example bzip2 archives may be downloaded from the following:

ftp://ftp.aerasec.de/pub/advisories/bzip2bomb/

Source: http://www.securityfocus.com/bid/9393/info/
matiano
Jan 13 2004, 03:55 PM
Dr. Peter Bieringer, Autor of the investigation of AERAsec, points
out that it is possible to later falsify the header information in ZIP
files. In addition a normal HEX editor is sufficient. If a scanner
examines only the headers and not additionally the current size, it is
dmit susceptible to ZIP bombs likewise.also its possible with win avīs too rolleyes.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.