[MindSmith]

:P

Bugtraq id 9393
Object
Class Failure to Handle Exceptional Conditions
Cve CVE-MAP-NOMATCH

Remotely Exploitable Yes
Locally Exloitable No
Published Jan 09, 2004
Updated Jan 10, 2004


Details:
Multiple vendor antivirus software applications have been reported to be prone to a denial of service vulnerability. This issue presents itself when an affected application attempts to decompress an excessively large bzip2 archive.

Kaspersky AntiVirus for Linux 5.0.1.0, Trend Micro InterScan VirusWall 3.8 Build 1130, and McAfee Virus Scan for Linux v4.16.0 have been reported to be prone to this issue, however, it is likely that other products are affected as well.

Exploit:

No exploit is required.

Example bzip2 archives may be downloaded from the following:

ftp://ftp.aerasec.de...ries/bzip2bomb/

Source: http://www.securityf.../bid/9393/info/

[matiano]

Dr. Peter Bieringer, Autor of the investigation of AERAsec, points
out that it is possible to later falsify the header information in ZIP
files. In addition a normal HEX editor is sufficient. If a scanner
examines only the headers and not additionally the current size, it is
dmit susceptible to ZIP bombs likewise.also its possible with win av�s too :rolleyes: