Multiple Virus Scanners contain a flaw that may allow a remote denial of service. The issue is triggered when the application attempts to decompress an excessively large bzip2 archive which will cause the antivirus product to consume a majority of the CPU resources, resulting in a loss of availability for the system.
Classification
Location:
Remote / Network Access
Attack Type:
Denial of Service
Impact:
Loss of Availability
Exploit:
Exploit Public
Disclosure:
OSVDB Verified
Solution
Consult your vendor for an appropriate patch or upgrade.
Dr. Peter Bieringer -
pbieringeraerasec.de -
AERAsec Network Services and Security
CVSSv2 Score
We currently have no CVSS2 data on this vulnerability. Feel free to suggest it.
Blogs
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.