|
|
|
New Vulnerabilities Affect Antivirus Products
Attackers can use antivirus programs to gain system level access or create denial of service conditions
by George Milner
Recently, there have been two types of vulnerabilities found affecting antivirus programs. In one, using one of the features of the program could allow a user to upgrade privileges gaining access to files and commands at the system level. The other flaw happens when some virus checking programs decompress a file to check its signature. If the program doesn't limit the size of the decompressed file, huge files can be created that will use up all the processing power and storage space available on network drives, effectively creating a denial of service condition.
There is a fix available for the privilege upgrade problem, which affects certain versions of Norton Anti-virus on machines running Windows NT, XP, 2000 and 2003. Symantec has fixed the problem and users are encouraged to run LiveUpdate and download the latest patches. (See link below.)
The other vulnerability affects a variety of antivirus software, including products by McAfee, Trend Micro, and Kaspersky. Specifically, bzip2 bombs can be used to create these very large files and absorb all the CPU cycles on a machine.
FOR MORE INFORMATION:
"bzip2bomb" Advisory
Download Symantec LiveUpdate fix here
Symantec LiveUpdate advisory
First published on BankersOnline.com 01/15/04
Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives Privacy Policy Important Disclaimer Recommend This Site ! Contact Us
BankersOnline is a free service made possible by the generous support of our
advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all
banking professionals. Support our advertisers and sponsors by clicking
through to learn more about their products and services.
|
|
|
|
Print Friendly!
Email This Article!
Discuss NOW!