Full Disclosure mailing list archives
Re: Multiple AV Vendor Incorrect CRC32 BypassVulnerability.
From: bipin gautam <visitbipin () yahoo com>
Date: Fri, 11 Mar 2005 07:04:21 -0800 (PST)
eicar.com.txtX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TE
<mailto:eicar.com.txtX5O!P%25@AP%5b4\PZX54(P%5e)7CC)7%7d$EICAR-STANDARD-
ANTIVIRUS-TE> in the text file rather then a valid eicar.
yap, i admit; i was uploaded the file... and soon relized i uploaded the wrong file. But, i think for altest about 30 minutes i couldn't do anything cauz i was still getting the "OLD" damaged POC from geocities cache "i guess" So, i instead later put a message, last updated time, (UPDATED: 5:40:00 GMT, Friday, March 11, 2005 ) at, http://www.geocities.com/visitbipin/crc.html CHECKED, & double-checked using virustotal.com lately and found Sybari 7.5.1314 vulnerable!
Well, technically these would be separate vulnerabilities, wouldn't you say?
well... you can modify general purpose bit flag of, last mod file time, last mod file date,general purpose bit flag, compression method [NOT: compression method or that will damage the archive] i replace them with "\x2f". md5sum of the updated POC. 4888816c4931002a6027ccd7b1025a94 The one tool that i am currently using that automatically repare a broken archive (During extraction) is "Download accelerator plus: 5.3.9.8" with just a simple warning about the mis-match CRC __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- RE: Multiple AV Vendor Incorrect CRC32 BypassVulnerability. bipin gautam (Mar 10)
- <Possible follow-ups>
- Multiple AV Vendor Incorrect CRC32 BypassVulnerability. Steve Scholz (Mar 11)
- Multiple AV Vendor Incorrect CRC32 BypassVulnerability. Steve Scholz (Mar 11)
- Multiple AV Vendor Incorrect CRC32 BypassVulnerability. Steve Scholz (Mar 11)
- RE: Multiple AV Vendor Incorrect CRC32BypassVulnerability. David J. Weaver (Mar 11)
- Multiple AV Vendor Incorrect CRC32 BypassVulnerability. Steve Scholz (Mar 11)
- Multiple AV Vendor Incorrect CRC32 BypassVulnerability. Steve Scholz (Mar 11)
- Re: Multiple AV Vendor Incorrect CRC32 BypassVulnerability. bipin gautam (Mar 11)
- RE: Re: Multiple AV Vendor Incorrect CRC32 BypassVulnerability. Steve Scholz (Mar 11)
- RE: Re: Multiple AV Vendor Incorrect CRC32 BypassVulnerability. bipin gautam (Mar 11)