3 March 2007, 23:21

Kaspersky DoS using manipulated UPX files

Security services provider iDefense has reported a vulnerability in Kaspersky anti-virus software released before 7th February of this year. The anti-virus software can be made to enter an infinite loop by analysing prepared compressed files packed using the runtime packer UPX. An attacker could exploit this to overload and disable e-mail servers or clients.

According to the security advisory, Kaspersky's routine for unpacking UPX files can be made to process endlessly the same data segment by means of a negative data offset for the data segment. The Russian anti-virus software vendor fixed the vulnerability on 7th February of this year. The updated version has already been made available via the automatic update function.

Also on The H:

Share this article

Kaspersky DoS using manipulated UPX files

Also on The H:

Microsoft's struggle against bugs

CSI:Internet - Open heart surgery

CSI:Internet - A trip into RAM

The H Update Check

Internet Toolkit

Monopoly madness

What's new in Linux 3.4

A Practical Internet of Things

Booting up: Tools and tips for systemd

Kernel Log: Coming in 3.4 (Part 3) - Graphics drivers

Control Centre: The systemd Linux init system

Kernel Log: Coming in 3.4 (Part 2) - Filesystems, storage and drivers

Kernel Log: Coming in 3.4 (Part 1) - Infrastructure

What's new in Linux 3.3

Building a GSM network with open source

CSI:Internet - Controlled from the beyond

Price Insight Top 10 powered by Skinflint

The H

The H open source

The H Security

The H Internet Toolkit