| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050311150421.4778.qmail@web31510.mail.mud.yahoo.com> From: visitbipin at yahoo.com (bipin gautam) Subject: Multiple AV Vendor Incorrect CRC32 BypassVulnerability. eicar.com.txtX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TE > <mailto:eicar.com.txtX5O!P%25@...5b4\PZX54(P%5e)7CC)7%7d$EICAR-STANDARD- > ANTIVIRUS-TE> in the text file rather then a valid > eicar. yap, i admit; i was uploaded the file... and soon relized i uploaded the wrong file. But, i think for altest about 30 minutes i couldn't do anything cauz i was still getting the "OLD" damaged POC from geocities cache "i guess" So, i instead later put a message, last updated time, (UPDATED: 5:40:00 GMT, Friday, March 11, 2005 ) at, http://www.geocities.com/visitbipin/crc.html CHECKED, & double-checked using virustotal.com lately and found Sybari 7.5.1314 vulnerable! > Well, technically these would be separate > vulnerabilities, wouldn't you say? well... you can modify general purpose bit flag of, last mod file time, last mod file date,general purpose bit flag, compression method [NOT: compression method or that will damage the archive] i replace them with "\x2f". md5sum of the updated POC. 4888816c4931002a6027ccd7b1025a94 The one tool that i am currently using that automatically repare a broken archive (During extraction) is "Download accelerator plus: 5.3.9.8" with just a simple warning about the mis-match CRC __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
Powered by blists - more mailing lists