Full Disclosure mailing list archives

DANGER: potentially broken f-prot updates

From: Mike Tancsa <mike () sentex net>
Date: Thu, 25 Sep 2003 15:03:02 -0400

I have already contacted the vendor, but be careful about your f-protupdates today. It looks like they put an old def file from May 26th ontheir ftp site. The UNIX update script will happily fetch and install this.


avscan2# nslookup -type=ns f-prot.com
Server:  resolver1.sentex.ca
Address:  64.7.128.99

Non-authoritative answer:
f-prot.com      nameserver = ns1.linanet.is
f-prot.com      nameserver = skjalda.frisk-software.com
f-prot.com      nameserver = bukolla.frisk-software.com
f-prot.com      nameserver = baula.frisk-software.com

Authoritative answers can be found from:
ns1.linanet.is  internet address = 62.145.128.2
skjalda.frisk-software.com      internet address = 213.220.100.2
bukolla.frisk-software.com      internet address = 213.220.100.1
baula.frisk-software.com        internet address = 213.220.100.3
avscan2#
avscan2# host ftp.f-prot.com 213.220.100.2
Using domain server 213.220.100.2:

ftp.f-prot.com has address 204.118.23.102
ftp.f-prot.com has address 204.118.23.103
ftp.f-prot.com has address 204.118.23.101
avscan2# fetch ftp://204.118.23.102/pub/fp-def.zip
Receiving fp-def.zip (1180204 bytes): 100%
1180204 bytes transferred in 1.2 seconds (997.57 kBps)
avscan2# unzip -v fp-def.zip
Archive:  fp-def.zip
 Length   Method    Size  Ratio   Date   Time   CRC-32    Name
--------  ------  ------- -----   ----   ----   ------    ----
     295  Defl:N      272   8%  09-25-03 16:57  e98c5705  SIGN.ASC
 1054178  Defl:N   675410  36%  05-26-03 16:01  415522b4  SIGN.DEF
     295  Defl:N      272   8%  09-25-03 16:57  c21dad71  SIGN2.ASC
  733487  Defl:N   503856  31%  05-26-03 13:20  9664dc36  SIGN2.DEF
--------          -------  ---                            -------
 1788255          1179810  34%                            4 files
avscan2# md5 fp-def.zip
MD5 (fp-def.zip) = ffbe865dbfbf6721f59abdad3309c8ad
avscan2#

It really is from the 26th.. no mimail, no swen, noteven sobig.f :-(

        ---Mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

SAM Switch - Win2k/XP password-less login Palan (Sep 25)
- <Possible follow-ups>
- RE: SAM Switch - Win2k/XP password-less login Schmehl, Paul L (Sep 25)
  - Re: SAM Switch - Win2k/XP password-less login Cael Abal (Sep 25)
  - Message not available
    - DANGER: potentially broken f-prot updates Mike Tancsa (Sep 25)
    - Re: DANGER: potentially broken f-prot updates Mike Tancsa (Sep 25)
  - Re: SAM Switch - Win2k/XP password-less login Steve Ames (Sep 25)