The very software designed to protect your system may be used to bring it down, researchers have discovered.
So far, leading anti-virus software from McAfee Security for Consumers, Trend Micro Inc. and Kaspersky Labs has been found to contain a vulnerability in its scanning technology that can see a network grind to a halt with a full file system and no spare processing power.
AERAsec has listed McAfee Virus Scan for Linux v4.16.0, Trend Micro InterScan VirusWall 3.8 Build 1130 and Kaspersky AntiVirus for Linux 5.0.1.0 as definitely containing the hole, but warns that other versions will probably contain the same problem.
The issue itself is the decompression engine included in the software which is using to open archives prior to being searched for a virus. There are missing limits when bzip2 files are checked, so an over-large file can be designed to eat up huge amounts of disk space and processing power -- in effect a denial-of-service attack. Huge files of nothing but, say, zeros can be compressed to a tiny size, making a malicious attack easy and feasible.
This is clearly not a good thing and you can learn more about it here: http://www.aerasec.de/security/advisories/txt/bzip2bomb-antivirusengines.txt.
Sign up to receive Security Resource Alerts
A comprehensive security management solution can help you streamline, as well as grow, your current or evolving business. In this way, a strategic security approach can help you increase your competitiveness in these challenging market conditions.
Download now! »
Find out how you can effectively collect, normalize and archive enterprise-wide, security-related data that is invaluable for security investigation and compliance reporting.
Download now! »
This session focuses on the intersection of role management and identity compliance, and addresses the importance of identity compliance in enterprise governance and the challenges that organizations may face in achieving it.
View now! »
Recommend This
