Can you comment on this Scott? Any danger here? Thanks,
Paul Navarre

*************************************

-----------------------------------
-----[ SECURITY ANNOUNCEMENT ]-----
-----------------------------------

iNetd Security Research Announcement

Name: Anti Virus Mailscanners DOS
Systems Affected: System independent
Date: 25/02/2002
Subject: Potential DOS.
Severity: HIGH
Author: Eduardo R. Maciel ([EMAIL PROTECTED])

Description
===========

An antivirus mailscanner should check the file sizes inside a compressed file like .tar.gz, .zip, .bz2, etc., BEFORE opening the file for scanning. All the products that don't do that checking are vulnerable to a Denial Of Service attack.

Pay attention to the procedure below:

root@maciel:/tmp# dd if=/dev/zero of=/tmp/file count=200000
root@maciel:/tmp# ls -l /tmp/file
-rw-r--r-- 1 root root 102400000 Feb 24 22:13 file
root@maciel:/tmp# bzip2 -z file
root@maciel:/tmp# ls -l /tmp/file.bz2
rw-r--r-- 1 root root 113 Feb 24 22:14 file

Since the file has only null (numerical zeros, not the ASCII kind) characters, the size of the compressed file was reduced to an almost insignificant value. Sending several mails with these compressed files may leave a machine out of memory or disk space.

Solution
========

The mailscanner should check the file sizes inside a compressed file.

Credits: Eduardo R. Maciel [EMAIL PROTECTED]
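The fix the announcement asks for, as an added example in Python (not code from the announcement, from Declude, or from any scanner): a zip carries declared member sizes that can be checked up front, but bzip2 has no size field at all, so the only safe way to learn the expansion is to decompress incrementally and abort the moment a limit is crossed. The 1 MiB limit and the 8 MiB zero-filled sample are constructed for illustration.

```python
import bz2
import io
import zipfile

# Policy limit on how far one attachment may expand (assumed value for the example).
MAX_EXPANDED = 1 * 1024 * 1024  # 1 MiB


def bounded_bz2_size(blob, limit=MAX_EXPANDED, chunk=64 * 1024):
    """Stream-decompress a .bz2 blob. Returns the expanded size if it stays
    within `limit`, or None as soon as the output would exceed it, so a bomb
    never occupies more than `chunk` bytes of memory and nothing hits disk."""
    d = bz2.BZ2Decompressor()
    total, pending = 0, blob
    while not d.eof:
        if d.needs_input and not pending:
            raise ValueError("truncated bz2 stream")
        total += len(d.decompress(pending, max_length=chunk))
        pending = b""  # all input handed over; later calls drain buffered output
        if total > limit:
            return None
    return total


def zip_within_limit(blob, limit=MAX_EXPANDED):
    """Reject a zip whose declared member sizes already sum past `limit`, then
    confirm by streaming, because the declared sizes are attacker-controlled."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        if sum(i.file_size for i in zf.infolist()) > limit:
            return False
        total = 0
        for info in zf.infolist():
            with zf.open(info) as member:
                for buf in iter(lambda: member.read(64 * 1024), b""):
                    total += len(buf)
                    if total > limit:
                        return False
    return True


def build_zip(payload):
    """Constructed sample: a one-member zip holding `payload`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("file", payload)
    return buf.getvalue()


# Constructed samples: 8 MiB of zero bytes, as in the announcement, shrinks to a few dozen bytes.
BOMB_BZ2 = bz2.compress(b"\0" * (8 * 1024 * 1024))
SMALL_PAYLOAD = b"hello from a legitimate attachment\n" * 100
SMALL_BZ2 = bz2.compress(SMALL_PAYLOAD)
BOMB_ZIP = build_zip(b"\0" * (8 * 1024 * 1024))

if __name__ == "__main__":
    print(len(BOMB_BZ2), bounded_bz2_size(BOMB_BZ2), bounded_bz2_size(SMALL_BZ2))
    print(zip_within_limit(BOMB_ZIP), zip_within_limit(build_zip(SMALL_PAYLOAD)))
```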