| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <D7DDF83751235046BFAC82E1244EB4C8088D8264@usilms23.ca.com> Date: Fri Sep 16 17:05:15 2005 From: James.Williams at ca.com (Williams, James K) Subject: NUL Character Evasion > List: full-disclosure > Subject: Re: [Full-disclosure] NUL Character Evasion > From: fd () ew ! nsci ! us > Date: 2005-09-15 19:57:30 > > > > On Thu, 15 Sep 2005, Williams, James K wrote: > > > List: full-disclosure > > > Subject: [Full-disclosure] NUL Character Evasion > > > From: ju () heisec ! de > > > Date: 2005-09-13 21:24:42 > > > > Thank you for the report. Computer Associates is currently > > investigating the issue (as it relates to CA products). > > > > Regards, > > kw > > Ken, > > How long until this update hits your product? > > -Eric > > -- > Eric Wheeler As initially suspected, from the AV signature perspective, this is not a critical issue until and unless something specific shows up in the wild or is reported to a vendor. The NUL char insertion concept is similar in theory to, for example, K2's classic ADMmutate[1] polymorphic shellcode engine for NIDS evasion, or simply adding NOPs to an executable. Alex and Neel[2] discussed this class of AV vulns at core05 and Blackhat. Regards, kw [1] http://www.ktwo.ca/security.html [2] http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-wheeler.pdf
Powered by blists - more mailing lists