lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: lise_moorveld at hotmail.com (Lise Moorveld)
Subject: Re: Multiple AV Vendor Incorrect CRC32 Bypass
	Vulnerability.

Hi,

Well, technically these would be separate vulnerabilities, wouldn't you say?
Could you perhaps share a bit more information about which headers work well 
in circumventing which AV products?

-- Lise

>get the new updates at,
>http://www.geocities.com/visitbipin/crc.html
>
>strangely, after modifying other general purpose bit
>flag in the zip header like,compression method,last
>mod file time,last mod file date,file name
>length,extra field length... [NOT: compressed size, uncompressed size which 
>was
>pointed out by iDEFENSE before]
>
>strangely i found some other AV pron to the BUG.

_________________________________________________________________
Talk with your online friends with MSN Messenger http://messenger.msn.nl/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ