Info

Disclosure

Jan 09, 2004

Discovery

Unknown

Dates

Exploit

Jan 09, 2004

Solution

Unknown

Description

Multiple Virus Scanners contain a flaw that may allow a remote denial of service. The issue is triggered when the application attempts to decompress an excessively large bzip2 archive which will cause the antivirus product to consume a majority of the CPU resources, resulting in a loss of availability for the system.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Consult your vendor for an appropriate patch or upgrade.

Products

AMaViS	AMaViS	0.2 pre-4
		0.2 pre-5
		0.2 pre6-20000604
		0.2 pre6-20000704
		0.3.12
		0.3.12 pre6
		0.3.12 pre7
		0.3.12 pre8
	amavisd	0.1
		snapshot-20020300
		snapshot-20020531

Kaspersky Lab

Kaspersky Antivirus for Linux Servers

5.0.1.0

McAfee, Inc.

Virus Scan for Linux

4.16.0

Trend Micro, Inc.

InterScan VirusWall

3.8 Build 1130

References

Secunia Advisory ID: 10596
ISS X-Force ID: 14197
Bugtraq ID: 9393
Generic Exploit URL: ftp://ftp.aerasec.de/pub/advisories/bzip2bomb/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-01/0073.html
Vendor Specific Advisory URL: http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=18198
http://www.amavis.org/security/asa-2004-1.txt
Vendor URL: http://us.mcafee.com/
http://www.amavis.org/
http://www.kaspersky.com/index.html
Other Advisory URL: http://www.aerasec.de/security/advisories/txt/bzip2bomb-antivirusengines.txt

Credit

Dr. Peter Bieringer - pbieringeraerasec.de - AERAsec Network Services and Security

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

AMaViS

AMaViS

amavisd

Kaspersky Lab

Kaspersky Antivirus for Linux Servers

McAfee, Inc.

Virus Scan for Linux

Trend Micro, Inc.

InterScan VirusWall

References

Credit