lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <579345288@web.de>
Date: Sun, 21 Aug 2005 11:35:00 +0200
From: Andreas Marx <gega-it@....de>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
	vuln@...unia.com
Subject: Re: Secunia Research: HAURI Anti-Virus Compressed
	Archive Directory Traversal



Hi!

I'm sorry, but you were not the first one who noticed this kind of problem. :-)

I've discovered the same type of problems much earlier and reported it to the vendor several times. However, Hauri *never* responded to our inqueries. When I was calling them, they at least acknowledged that they got my mails, but nothing has happened later. You can find more details about the issue the in the following article:

"Durchleuchter - 16 Virenscanner für Windows", Andreas Marx & Axel Vahldiek, c't 01/2005, page 128pp. (10 pages)

The tests for this article were performed in November and December 2004. There are a lot more vulnerabilities in this product, e.g. everyone can get Administrator rights on a "protected" PC very easily. A good number of the problems are described in the above article for the German c't magazine, too.

BTW: It's interesting to see that you have tested *exactly* the same kind of archive files we've used in the c't review...

cheers,
Andreas Marx
CEO, AV-Test.org
http://www.av-test.org

__________________________________________________________________________
Erweitern Sie FreeMail zu einem noch leistungsstarkeren E-Mail-Postfach!		
Mehr Infos unter http://freemail.web.de/home/landingpad/?mc=021131

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ