Full Disclosure mailing list archives
Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory
From: Simon Smith <simon () snosoft com>
Date: Wed, 29 Aug 2007 11:37:58 -0400
I LOVE THE DMCA! Kevin Finisterre (lists) wrote:
heh who would do such a thing? Guess we all get to wait and see who the first Guinea pig is gonna be. Hope germany has an EFF / Granick floating around to fight off some of this nonsense. -KF On Aug 28, 2007, at 6:49 PM, Blue Boar wrote:I remember people being all paranoid about the DMCA. They were worried security researchers would be sued for trying to release vulnerability information. But since that turned out to be unfounded, I guess we don't have to worry about the German thing. ;) BB Kevin Finisterre (lists) wrote:Would you have honestly provided *MORE* detail prior to the law being in effect? Doesn't the law refer to things that are intended to be used for illegal activity? I don't recall the advisories being any more verbose pre law.... Thanks. -KF On Aug 27, 2007, at 4:41 PM, Sergio Alvarez wrote:Hi 3APA3A, It was a mistake in the advisory, It should say: "Integer cast around in UPX packed files parsing" I ask for apologies for the mistake. Unfortunately we can't give more details about the vulnerability because the German Law (ยง202) Cheers, Sergio _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- - simon ---------------------- http://www.snosoft.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory security (Aug 24)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory 3APA3A (Aug 27)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Sergio Alvarez (Aug 28)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Kevin Finisterre (lists) (Aug 28)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Blue Boar (Aug 28)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Kevin Finisterre (lists) (Aug 28)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Simon Smith (Aug 29)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Valdis . Kletnieks (Aug 29)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Sergio Alvarez (Aug 28)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory 3APA3A (Aug 27)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory Lisa Thalheim (Aug 29)