
Re: [Full-Disclosure] Multiple Antivirus Scanners DoS attack. [summery]



--- "Dr. Peter Bieringer" <pbieringer@xxxxxxxxxx>
wrote:
> 
> 
> --On Montag, 14. Juni 2004 01:28 -0700 bipin gautam
> <visitbipin@xxxxxxxxx> 
> wrote:
> 
> > Multiple Antivirus Scanners DoS attack.
> 
> ...
> 
> What's *really* new to
> <http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html>
> ?
> 
>       Peter
I had my eye on.....
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html#History

---snip----
History of this issue itself

    * early '90s: ARC/LZH/ZIP/RAR-Bombs were used in DoS of Fidonet systems
    * 2002-01-01: Paul L. Daniels publishes first version of 'arbomb' (Archive "Bomb" detection utility)
    * 2003-08-29: Posting by Steve Wray on mailinglist FullDisclosure mentions a bzip2 bomb
    * 2003-09-01: AERAsec found that some antivirus software is vulnerable against the posted bzip2 bomb
    * 2004-01-09: Publishing of the advisory bzip2bomb-antivirusengines
    * 2004-01-15: Investigation of gzip'ed HTML and PNG/GIF bombs
    * 2004-02-03: Publishing of this advisory

----snip--------
well... my advisory on winrar
http://www.securityfocus.com/bid/8572 was published
on 2003-09-9

and was in informal discussion on AV/archive DoS
attack in the internet long before this published
date..
but looking at the history in your site........

# 2003-09-01: AERAsec found that some antivirus software is vulnerable against the posted bzip2 bomb
# 2004-01-09: Publishing of the advisory bzip2bomb-antivirusengines

-------------------

seems like, we were working parallel....... in the
nearly same work; right across the globe!
The av dos issue has also been addressed in,
http://www.securityfocus.com/bid/8572/discussion/


see, your discussion on archive bomb [*.bz2] was
published.... very lately in,
2004-01-09: Publishing of the advisory
bzip2bomb-antivirusengines

(O; well..... see I DIDN'T TAKE ANY REFERENCE TO YOUR
ADVISORY...... cauz i knew/discussed about such issue
well far back , 2003-09-9
http://www.securityfocus.com/bid/8572 

_______________________________________________

When you first published your advisory in 2004 i also
thought this same thing,....... 

What's *really* new to
http://www.securityfocus.com/bid/8572 published in
2003

__________________________________
I don't think the AV vendors listened to either of US!
until......... this advisory SPECIALLY focused in this
topic. It's not necessary... two SQL injection, even
while using same parameters can be stated... THEY ARE
SAME!!!

__________________________________________________
 
Hey guy, let's focus on the current issue for the time
being!

Norton Antivirus Remote Denial of service
Vulnerability 
http://www.geocities.com/visitbipin/Nav_dos_part_3.html

please test it with other av products as well..., i
wonder why isn't there any comments/FINDINGS addressing
this current issue or has FD community stopped using
NAV.


bipin gautam



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html