| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun Aug 21 19:46:04 2005 From: gega-it at web.de (Andreas Marx) Subject: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal Hi! I'm sorry, but you were not the first one who noticed this kind of problem. :-) I've discovered the same type of problems much earlier and reported it to the vendor several times. However, Hauri *never* responded to our inqueries. When I was calling them, they at least acknowledged that they got my mails, but nothing has happened later. You can find more details about the issue the in the following article: "Durchleuchter - 16 Virenscanner f?r Windows", Andreas Marx & Axel Vahldiek, c't 01/2005, page 128pp. (10 pages) The tests for this article were performed in November and December 2004. There are a lot more vulnerabilities in this product, e.g. everyone can get Administrator rights on a "protected" PC very easily. A good number of the problems are described in the above article for the German c't magazine, too. BTW: It's interesting to see that you have tested *exactly* the same kind of archive files we've used in the c't review... cheers, Andreas Marx CEO, AV-Test.org http://www.av-test.org __________________________________________________________________________ Erweitern Sie FreeMail zu einem noch leistungsstarkeren E-Mail-Postfach! Mehr Infos unter http://freemail.web.de/home/landingpad/?mc=021131
Powered by blists - more mailing lists