Linux Antivirus Software Found Vulnerable To Bzip2 Bombs
Antivirus products from several vendors could be vulnerable to exploitation by attackers, a German security firm said this week.
AERAsec Network Services and Security, based in Hohenbrunn, Germany, discovered a flaw in at least three Linux antivirus products that could allow a hacker to conduct a denial-of-service (DoS) attack on a system running Kaspersky AntiVirus for Linux 5.0.1.0, Trend Micro InterScan VirusWall 3.8 Build 1130, and McAfee Virus Scan for Linux 4.16.0. Other versions from these vendors, as well as antivirus packages from other companies, may also be at risk, according to AERAsec.
The problem stems from how some antivirus programs handle compressed .zip files. Typically, antivirus software decompresses .zip archives prior to sniffing their contents for malicious code. If a hacker crafted an especially large .zip file -- dubbed a "bzip2 bomb" -- these products can choke on the processing, eating up all the available file space and maxing out the CPU. The result: a DoS.
Fixes for the vulnerabilities are not yet available from the vendors cited.
Related information