Common bzip2 Vulnerability in Trend Micro and McAfee

The scanners mentioned above are still vulnerable to bzip2 bombs. Normally,
every antivirus product is able to scan inside archives for viruses. To do
so, it extracts the archive before scanning, using a decompression engine
(mostly built-in). Many of these decompression engines have a level limit,
but very rarely a maximum size limit or smart code for anomaly detection.
Because most decompression engines store the decompressed file on the local
filesystem (mostly /tmp), this can lead to a denial of service (DoS):

- No space on the filesystem where /tmp resides, e.g.
  - the / filesystem (if /tmp isn't located on a dedicated partition)
  - the /var filesystem (if /tmp is soft-linked to /var/tmp and /var is
    located on a dedicated partition)
- High CPU usage during decompression
- No further scanning capabilities (because of the full filesystem)
- System lockdown because of the full filesystem
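
The missing safeguards described above (a maximum size limit and a simple anomaly check), as an added example that is not code from either vendor or from the original advisory. It decompresses a single bzip2 stream in memory in bounded chunks; the function name and all limit values are assumptions chosen for illustration.

```python
import bz2


class DecompressionLimitExceeded(Exception):
    """Raised when a stream behaves like a decompression bomb."""


def safe_bunzip2(data, max_output=64 * 1024 * 1024, max_ratio=200,
                 ratio_after=1024 * 1024, chunk=64 * 1024):
    """Decompress one bzip2 stream under hard limits (illustrative defaults).

    max_output  -- absolute cap on decompressed bytes (the size limit)
    max_ratio   -- cap on output/input ratio (the anomaly check)
    ratio_after -- only judge the ratio once this much output exists,
                   so small, highly compressible files are not flagged
    """
    decomp = bz2.BZ2Decompressor()
    out = bytearray()
    pos = 0  # compressed bytes handed to the decompressor so far
    while not decomp.eof:
        if decomp.needs_input:
            if pos >= len(data):
                raise ValueError("truncated bzip2 stream")
            feed = data[pos:pos + chunk]
            pos += len(feed)
        else:
            feed = b""  # drain output still pending inside the decompressor
        # max_length bounds how much output a single call may produce,
        # so memory use grows by at most `chunk` bytes per iteration.
        out += decomp.decompress(feed, max_length=chunk)
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"output exceeds {max_output} bytes")
        if len(out) >= ratio_after and len(out) > max_ratio * pos:
            raise DecompressionLimitExceeded(
                f"ratio above {max_ratio}:1 after {pos} input bytes")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes shrinks to a tiny stream.
    bomb = bz2.compress(b"\0" * (8 * 1024 * 1024))
    print("compressed size:", len(bomb))
    try:
        safe_bunzip2(bomb)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

Because the checks run after every chunk, a rejected stream costs at most about `ratio_after` bytes of memory and never touches /tmp.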


http://www.sss.org.tw/phpbb/viewtopic.php?t=1852