Full Disclosure mailing list archives
Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability.
From: "Dr. Peter Bieringer" <pbieringer () aerasec de>
Date: Thu, 10 Mar 2005 12:29:18 +0100
Hi,

--On Wednesday, 9 March 2005 18:36 -0800 bipin gautam <visitbipin () yahoo com> wrote:

> Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability.
>
> Description: if you create a zip archive with invalid CRC checksum......
> some AV skip scanning the archive marking it as clean........ by this way,
> you can bypass antivirus gateways and slip in any attachment without
> scanning the archive.

I don't believe you need invalid CRC sums... we're currently investigating an interesting issue, more coming next here on this list ;-)
Regards,
Dr. Peter Bieringer

--
Dr. Peter Bieringer                          Phone:    +49-8102-895190
AERAsec Network Services and Security GmbH   Fax:      +49-8102-895199
Wagenberger Strasse 1                        Mobile:   +49-174-9015046
D-85662 Hohenbrunn                           E-Mail:   pbieringer () aerasec de
Germany                                      Internet: http://www.aerasec.de

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
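The failure mode in the quoted report is a scanner that cannot verify an archive member and reports the archive as clean anyway. The following is an added example, not part of the original post or any vendor's code: a gateway-side policy that fails closed, quarantining any ZIP whose members cannot be read and CRC-verified. The function names, the verdict strings and the `scan` callback (a stand-in for a real AV engine) are hypothetical.

```python
import io
import zipfile
import zlib


def build_sample(corrupt=False):
    """Constructed sample archive: one stored (uncompressed) member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("note.txt", b"constructed sample payload")
    data = bytearray(buf.getvalue())
    if corrupt:
        # Alter one payload byte so the recorded CRC32 no longer matches.
        data[data.find(b"constructed")] ^= 0xFF
    return bytes(data)


def gateway_verdict(archive, scan=lambda content: False):
    """Return 'clean' only if every member was read, CRC-verified and scanned.

    `scan` is a hypothetical stand-in for an AV engine: it receives the
    member's bytes and returns True on a detection.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive))
    except zipfile.BadZipFile:
        return "quarantine: unparseable archive"
    with zf:
        for info in zf.infolist():
            try:
                # zipfile checks the CRC32 once the member is fully read and
                # raises BadZipFile on mismatch; encrypted members raise
                # RuntimeError, unsupported methods NotImplementedError.
                content = zf.read(info)
            except (zipfile.BadZipFile, zlib.error,
                    RuntimeError, NotImplementedError):
                # Fail closed: an unverifiable member is never "clean".
                return "quarantine: %s could not be verified" % info.filename
            if scan(content):
                return "block: detection in %s" % info.filename
    return "clean"


if __name__ == "__main__":
    print(gateway_verdict(build_sample()))
    print(gateway_verdict(build_sample(corrupt=True)))
```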