lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1E90812D-567E-4457-B464-15127C230F27@digitalmunition.com>
Date: Tue, 28 Aug 2007 20:29:51 -0400
From: "Kevin Finisterre (lists)" <kf_lists@...italmunition.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: n.runs-SA-2007.027 - Sophos Antivirus
	UPX	parsing Arbitrary CodeExecution Advisory

heh who would do such a thing?

Guess we all get to wait and see who the first Guinea pig is gonna be.

Hope germany has an EFF / Granick floating around to fight off some  
of this nonsense.
-KF

On Aug 28, 2007, at 6:49 PM, Blue Boar wrote:

> I remember people being all paranoid about the DMCA. They were worried
> security researchers would be sued for trying to release vulnerability
> information. But since that turned out to be unfounded, I guess we  
> don't
> have to worry about the German thing. ;)
>
> 					BB
>
> Kevin Finisterre (lists) wrote:
>> Would you have honestly provided *MORE* detail prior to the law being
>> in effect?
>>
>> Doesn't the law refer to things that are intended to be used for
>> illegal activity?
>>
>> I don't recall the advisories being any more verbose pre law....
>>
>> Thanks.
>> -KF
>>
>> On Aug 27, 2007, at 4:41 PM, Sergio Alvarez wrote:
>>
>>> Hi 3APA3A,
>>>
>>> It was a mistake in the advisory,
>>> It should say:
>>>
>>> "Integer cast around in UPX packed files parsing"
>>>
>>> I ask for apologies for the mistake.
>>> Unfortunately we can't give more details about the vulnerability
>>> because
>>> the German Law (ยง202)
>>>
>>> Cheers,
>>>   Sergio
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ