lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <o2z605f8e051005061718z898ad31cnf0fe8dedf6559223@mail.gmail.com>
Date: Thu, 6 May 2010 20:18:57 -0400
From: Jeffrey Walton <noloader@...il.com>
To: "www.matousec.com - Research" <research@...ousec.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: KHOBE - 8.0 earthquake for Windows desktop
	security software

Hi ,

Also known as a TOCTOU binding flaw (thanks GDM).

http://nob.cs.ucdavis.edu/bishop/papers/1996-compsys/racecond.pdf (dated 1996).

Jeff

On Wed, May 5, 2010 at 3:14 AM, www.matousec.com - Research
<research@...ousec.com> wrote:
> Hello,
>
> We have found number of vulnerabilities in implementations of kernel hooks in many different security products.
>
>
> Vulnerable software:
>
>    * 3D EQSecure Professional Edition 4.2
>    * avast! Internet Security 5.0.462
>    * AVG Internet Security 9.0.791
>    * Avira Premium Security Suite 10.0.0.536
>    * BitDefender Total Security 2010 13.0.20.347
>    * Blink Professional 4.6.1
>    * CA Internet Security Suite Plus 2010 6.0.0.272
>    * Comodo Internet Security Free 4.0.138377.779
>    * DefenseWall Personal Firewall 3.00
>    * Dr.Web Security Space Pro 6.0.0.03100
>    * ESET Smart Security 4.2.35.3
>    * F-Secure Internet Security 2010 10.00 build 246
>    * G DATA TotalCare 2010
>    * Kaspersky Internet Security 2010 9.0.0.736
>    * KingSoft Personal Firewall 9 Plus 2009.05.07.70
>    * Malware Defender 2.6.0
>    * McAfee Total Protection 2010 10.0.580
>    * Norman Security Suite PRO 8.0
>    * Norton Internet Security 2010 17.5.0.127
>    * Online Armor Premium 4.0.0.35
>    * Online Solutions Security Suite 1.5.14905.0
>    * Outpost Security Suite Pro 6.7.3.3063.452.0726
>    * Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
>    * Panda Internet Security 2010 15.01.00
>    * PC Tools Firewall Plus 6.0.0.88
>    * PrivateFirewall 7.0.20.37
>    * Security Shield 2010 13.0.16.313
>    * Sophos Endpoint Security and Control 9.0.5
>    * Trend Micro Internet Security Pro 2010 17.50.1647.0000
>    * Vba32 Personal 3.12.12.4
>    * VIPRE Antivirus Premium 4.0.3272
>    * VirusBuster Internet Security Suite 3.2
>    * Webroot Internet Security Essentials 6.1.0.145
>    * ZoneAlarm Extreme Security 9.1.507.000
>    * probably other versions of above mentioned software
>    * possibly many other software products that use kernel hooks to implement security features
>
>
> More details is available here:
>
> Advisory: http://www.matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
> Article: http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
>
> Kind Regards,
>
> --
> www.matousec.com Research
> Different Internet Experience Ltd.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ