lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 28 Aug 2007 20:36:53 +0800
From: "Just1n T1mberlake" <hotpackets@...lokitty.com>
To: full-disclosure@...ts.grok.org.uk
Subject: .R4L - n.runs Infinite Antivirus Posting
	Vulnerabilities

[.r4l vulnerability release 200708280002 07-28-01]

.r4l crew has discovered n.runs infinite antivirus posting vulnerabilities

n.runs delivers solutions based on our clients´ requirements as specified by the client. This not only fulfills the expectations of the clients, but in most cases far exceeds what was anticipated. n.runs have two fully massive fists right up their ringers hey. With this in mind, we have formed individual consulting teams, who are trained and specialized in the conception of solutions in the areas of our technical consulting services. A large investment of time and money has been placed into these teams to develop solutions which can then completely be adapted to fit specific client requirements.

--[ Vulnerabilities ]--

1. n.runs AG has been found to post repeatedly to Internet mailing lists with details about Anti-Virus products.

2. Most of these vulnerabilities relate to inappropriate expansion of old archive files.

--[ Recommendation ]--

n.runs AG begin using newer archive formats. Older archive formats are known to have vulnerabilities and are not recommended for use.

--[ Vendor Response ]--

n.runs - We will stop using .lha however .arc is still widely in use within our office. No patches will be provided.

--[ Credits ]--

Thanks to the following
knuckles
sloppy


-- 
_______________________________________________
Get a free @hellokitty.com, @mymelody.com, or @kuririnmail.com email account
today at www.sanriotown.com, and enjoy 500MB of storage!
Check out our official blog @ http://blog.hellokitty.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ