Full Disclosure mailing list archives

Re: Norton AntiVirus Scanner Remote Denial Of ServiceVulnerability [Part: !!!]

From: Matt Cuttler <mcuttler () bnl gov>
Date: Mon, 12 Jul 2004 14:07:00 -0400

clamav has options such as:
--max-files --max-space --max-recursion and --max-ratio
..which will protect against these types of DOS attacks.

-Matt Cuttler



Richard Massa wrote:

exploit does not crash SAV corporate edition 8.1.1.319, Scan engine 4.2.0.7.
Scan of file completes successfully.

On Fri, Jul 09, 2004 at 08:55:45PM -0700, bipin gautam wrote:

--- "Peter B. Harvey (Information Security)"
<peterharvey () emergency qld gov au> wrote:

Could you please password protect it and email it to
me. Ill test on Trend Micro.

Peter

dust download the file and hit scan, watch out You AV
can trigger a DoS autometically.

It has been confirmed Norton 2004 uses 100% cpu for a
indefinate amount of time. (Tested in 3 Ghz processor)

Please read updates in this advisory at:

http://www.geocities.com/visitbipin/Nav_dos_part_3.html

and test the exploit with some other AV scanners!

------------
bipin


                
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Norton AntiVirus Scanner Remote Denial Of ServiceVulnerability [Part: !!!] bipin gautam (Jul 08)
- <Possible follow-ups>
- RE: Norton AntiVirus Scanner Remote Denial Of ServiceVulnerability [Part: !!!] bipin gautam (Jul 09)
- RE: Norton AntiVirus Scanner Remote Denial Of ServiceVulnerability [Part: !!!] bipin gautam (Jul 09)
  - Re: Norton AntiVirus Scanner Remote Denial Of ServiceVulnerability [Part: !!!] Richard Massa (Jul 12)
    - Re: Norton AntiVirus Scanner Remote Denial Of ServiceVulnerability [Part: !!!] Matt Cuttler (Jul 12)