Serious vulnerabilities in several antivirus products could result in denial-of-service conditions, local privilege escalation and other negative consequences. Fixes are available for some of the problems. One vulnerability affects popular antivirus products such as Kaspersky AntiVirus for Linux 5.0.1.0, Trend Micro InterScan VirusWall 3.8 Build 1130, and McAfee Virus Scan for Linux 4.16.0. Other versions may also be affected. A team of researchers from Aerasec Network Services and Security GmbH, based in Hohenbrunn, Germany, discovered that these products have trouble with so-called bzip2 bombs. When scanning compressed files for virus signatures, antivirus products usually decompress the file first. However, the products with the flaw often don’t limit the size of the resulting decompressed file, and extremely large files (billions of zeroes, for instance) can overwhelm the products. Decompressing a large file can take up all available file space on a machine, maxing out CPU usage and causing denial-of-service conditions on the machine. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.