lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <eea688830803181837i26e97c04o4acbdc919222a66f@mail.gmail.com>
Date: Tue, 18 Mar 2008 18:37:45 -0700
From: "James Connery" <james.j.connery@...il.com>
To: bugtraq@...urityfocus.com
Subject: Question on CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats?

Hello all,

I am a bit of a confused with recent CERT advisory on archive formats.

URL: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

In the advisory it is clearly stated that e.g. Microsoft and Apple are
not vulnerable. However after downloading the tool from PROTOS and
trying to open some of the archives on my Windows box (WinXP, latest
patches and everything) - it in lack of a better word - melts down to
 the point of becoming completely unusable. I then tried these with
Apple; and again - similar results.

So I'm bit of a confused here...  Can someone confirm what I am
seeing=?

PROTOS is available from below URL to try out...

URL: http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

Cheers,

    James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ