I know that ASL is using the Kaspersky AntiVirus solution.
I'm just reading an article about bzip2 bombs and this AntiVirus software is also mentioned as vulnerable here.
Read the whole article here.

Vulnerability:
==============
The scanners mentioned above are still vulnerable to bzip2 bombs.
Normally, every AntiVirus-Software is able to scan in archives for viruses.
Therefore, they extract the archive before scanning by using a decompression engine
(mostly built-in). Many of these decompression engines have a level
limit, but very few have a maximum size limit or smart code for anomaly
detection.

Impact:
=======
Because most decompression engines store the decompressed file on the local
filesystem (mostly /tmp), this can lead to a denial of service (DoS):

- No space on the file system where /tmp resides, e.g.

  - / filesystem (in case /tmp isn't located on a dedicated partition)
  - /var filesystem (in case /tmp is soft linked to /var/tmp and /var is located
    on a dedicated partition)

- High CPU usage during decompression
- No further scanning capabilities (because of full filesystem)
- System lock down because of full filesystem

Get more information here (sorry, in German only).
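The missing "maximum size limit" and "anomaly detection" that the quoted advisory describes can be sketched as follows. This is an added example, not code from the advisory or from any scanner vendor. It decompresses in memory in bounded steps instead of writing to /tmp, and the names ``safe_bunzip2`` and ``BombSuspected`` and all limit values are assumptions.

```python
import bz2


class BombSuspected(Exception):
    """Raised when a stream exceeds the size or expansion-ratio budget."""


def safe_bunzip2(data, max_output=64 * 1024 * 1024, max_ratio=200,
                 min_ratio_bytes=1024 * 1024, chunk=64 * 1024):
    """Decompress one bzip2 stream, aborting as soon as a limit is exceeded.

    All limits are assumed policy values chosen for illustration:
      max_output       hard cap on decompressed bytes
      max_ratio        allowed output:input expansion ratio
      min_ratio_bytes  ratio is only judged once this much output exists,
                       so small, highly repetitive files are not flagged
      chunk            input and output step size per call
    """
    dec = bz2.BZ2Decompressor()
    out = bytearray()
    consumed = 0
    while not dec.eof:
        if dec.needs_input:
            # Decompressor has drained its buffer: hand it the next slice.
            if consumed >= len(data):
                raise ValueError("truncated bzip2 stream")
            feed = data[consumed:consumed + chunk]
            consumed += len(feed)
        else:
            # Output is still pending from earlier input: feed nothing.
            feed = b""
        # max_length bounds the output of this single call, so the limits
        # below are checked after at most `chunk` additional bytes.
        out += dec.decompress(feed, max_length=chunk)
        if len(out) > max_output:
            raise BombSuspected(f"output exceeds {max_output} bytes")
        if len(out) > min_ratio_bytes and len(out) > max_ratio * consumed:
            raise BombSuspected(f"expansion ratio above {max_ratio}:1")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes compresses to a tiny stream.
    bomb = bz2.compress(bytes(8 * 1024 * 1024))
    try:
        safe_bunzip2(bomb)
    except BombSuspected as exc:
        print(f"rejected {len(bomb)}-byte input: {exc}")
```
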