{"vuid":"VU#212707","idnumber":"212707","name":"Multiple vendor implementations of file scanning utilities vulnerable to DoS via compressed file archive","keywords":["McAfee","ASaP","VirusScan","WebShield","Sophos","file scanning utilities","virus scanner","DoS","denial of service","compressed file archive","zip","rar","ace","disk space consumption","4GB"],"overview":"Several file scanning utilities, including some virus scanners, may fail and crash when scanning compressed file archives.","clean_desc":"Many file scanners will decompress compressed file archives in memory so their contents can be scanned. However, some of these scanners do not check if there is enough memory available to decompress the file. The Zip compression algorithm allows a maximum compression ratio of 1000:1, and with nested Zip archives, it is possible to create a small archive that would decompress to a size several thousands of times greater, and much greater than the memory available on most systems. When a file scanner tries to decompress such an archive without ensuring that there is enough memory available, it may fail and crash. As file scanners are sometimes used to scan message attachments on mail servers, this problem could have additional negative effects on the services provided by mail servers.","impact":"Attackers can design a file which will crash a file scanner and possibly cause additional problems for mail servers that employ file scanners.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"None.","sysaffected":"","thanks":"Thanks to Michel Arboi for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["h","t","t","p",":","/","/","w","w","w",".","s","e","c","u","r","i","t","y","f","o","c","u","s",".","c","o","m","/","b","i","d","/","3","0","2","7"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-07-16T17:01:01Z","publicdate":"2002-07-16T00:00:00Z","datefirstpublished":"2002-08-05T21:17:35Z","dateupdated":"2002-10-02T15:47:23Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"3","cam_easeofexploitation":"13","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.3875","cam_scorecurrentwidelyknown":"5.484375","cam_scorecurrentwidelyknownexploited":"9.871875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.3875,"vulnote":null}