
Re: [Full-disclosure] Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability.



Hi,

--On Wednesday, 9 March 2005 18:36 -0800 bipin gautam <visitbipin@xxxxxxxxx> wrote:

Multiple AV Vendor Incorrect CRC32 Bypass
Vulnerability.

Description:
If you create a zip archive with an invalid CRC
checksum... some AV skip scanning the archive,
marking it as clean... This way, you can
bypass antivirus gateways and slip in any attachment
without scanning the archive.

I don't believe you need invalid CRC sums... we're currently investigating an interesting issue, more coming next here on this list ;-)


Regards,
        Dr. Peter Bieringer
--
Dr. Peter Bieringer                             Phone: +49-8102-895190
AERAsec Network Services and Security GmbH        Fax: +49-8102-895199
Wagenberger Strasse 1                          Mobile: +49-174-9015046
D-85662 Hohenbrunn                       E-Mail: pbieringer@xxxxxxxxxx
Germany                                Internet: http://www.aerasec.de

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
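
The failure mode described in the quoted advisory, as an added example that is not part of the original message or any vendor's code: a scanner that treats an archive it cannot verify as clean, beside a fail-closed policy that holds it instead. The `MARKER` stand-in for a signature engine, the function names and the sample archive are all constructed for illustration.

```python
import io
import zipfile
import zlib

MARKER = b"CONSTRUCTED-TEST-MARKER"  # stand-in for a real signature engine (assumption)
# Errors meaning "a member could not be read and verified", so it was never scanned.
UNSCANNABLE = (zipfile.BadZipFile, zlib.error, RuntimeError, NotImplementedError)

def scan_members(raw):
    """Scan every member; raises one of UNSCANNABLE if a member cannot be verified."""
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        for info in zf.infolist():
            data = zf.read(info)  # zipfile compares the data against the stored CRC-32
            if MARKER in data:
                return "infected"
    return "clean"

def verdict_fail_open(raw):
    """Behaviour the advisory describes: an unverifiable archive is passed as clean."""
    try:
        return scan_members(raw)
    except UNSCANNABLE:
        return "clean"

def verdict_fail_closed(raw):
    """Gateway policy: anything that could not be fully scanned is held, not delivered."""
    try:
        return scan_members(raw)
    except UNSCANNABLE:
        return "quarantine"

def make_sample(damage=False):
    """Constructed sample; damage=True alters a stored byte so the CRC-32 no longer matches."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("attachment.txt", MARKER + b" sample body")
    raw = buf.getvalue()
    return raw.replace(b"sample", b"SAMPLE") if damage else raw

if __name__ == "__main__":
    for name, raw in (("intact", make_sample()), ("crc-mismatch", make_sample(True))):
        print(name, verdict_fail_open(raw), verdict_fail_closed(raw))
```

The same archive content yields "clean" under the fail-open policy and "quarantine" under the fail-closed one once the CRC-32 check fails, which is the difference a gateway test should look for.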