lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <096A04F511B7FD4995AE55F13824B83306F196@banneretcs1.local.banneretcs.com>
Date: Fri, 11 Feb 2005 17:44:48 -0500
From: "Roger A. Grimes" <roger@...neretcs.com>
To: <mvpsectalk@...vps.com>,
	"Patch Management Mailing List" <patchmanagement@...tserv.patchmanagement.org>,
	<bugtraq@...urityfocus.com>,
	"Windows NTBugtraq Mailing List" <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>
Subject: Symantec UPX issue solution


Per Symantec, if you update signatures via the normal LiveUpdate
automatic process, your product should not be vulnerable. Updated
signatures were released two days ago.  Threats with the UPX exploit
code will be detected as:

http://www.sarc.com/avcenter/venc/data/bloodhound.exploit.26.html

This works because the signature detection engine can examine the code
first, before exposing the vulnerable part of the UPX decomposer to the
exploit.  Of course, you probably still need to upgrade your software to
the appropriate version, but it is not as bad as some have claimed (mea
culpa)

Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Computer Security
Consultant 
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger@...neretcs.com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by
O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ