VICE Security AdvisoryVSA-2004-1
Summary:
Severity: Low
Title: VICE monitor memory
I recently received a spoofed email from USbank.com, and the link is encoded
like this to fool the browser:
http://[EMAIL PROTECTED]/www/us/verify.html
Is this the same old trick or something new?
Kristian Hermansen
[EMAIL PROTECTED]
___
--- npguy [EMAIL PROTECTED] wrote:
This comes when extracting module doesn't verify the
intgerity of headers. The
similar types of breaches were found in WinRAR. The
quick
approach to resolve is to verify the actual physical
size of the compressed
file against the headers info. WinRAR
On Sun, Jun 13, 2004 at 03:30:17AM -0700, bipin gautam wrote:
Hello everybody,
I wounder how many Antivirus/Trojan/Spyware scanners
will choak to death while having a manual scan of the
file:
http://www.geocities.com/visitbipin/SERVER_dwn.zip
I was woundering, what would be the results if such
Title: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
The latest version of Panda
Antivirus didn't like it at all. It showed it scanned two files then promptly
locked up. ergh. I have the free version of AVG on one of the workstations at
the office, I'll try it there and see how
Multiple Antivirus Scanners DoS attack.
--- [Vulnerable Products] ---
Only tested on...
* Norton Antivirus 2002
* Norton Antivirus 2003
* Mcafee VirusScan 6
* Network Associates (McAfee) VirusScan Enterprise 7.1
* F-Prot 4.4.2 for Linux
* Rav Antivirus online Scanner [Couldn't
hey,
I had actually heard that before. But my aim is not to bypass the image, but
to solve what is essentially a Turing Test in computer vision.
Cheers, Tom Keetch
From: [EMAIL PROTECTED]
To: Tom K [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Visual Captchas AKA Word
oh yes its several month old and still in wild...phiser favorates..
On Monday 14 June 2004 07:51 am, Kristian Hermansen wrote:
I recently received a spoofed email from USbank.com, and the link is
encoded like this to fool the browser:
http://[EMAIL PROTECTED]/www/us/verify.html
Is this
well The advisory makes no details and seems to be very naive touch.
On Monday 14 June 2004 02:13 pm, bipin gautam wrote:
Multiple Antivirus Scanners DoS attack.
* F-Prot 4.4.2 for Linux
linux F-Prot work perfectly well. Test before you make claims.
* Rav Antivirus online Scanner
::Source Code of Html file:: (might be wrapped)
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
HTMLHEAD
META http-equiv=Content-Type content=text/html; charset=iso-8859-7MAP
name=FPMap0AREA shape=RECT coords=0,0,610,275
On Thu, 2004-06-10 at 16:19, [EMAIL PROTECTED] wrote:
On Thu, 10 Jun 2004 14:38:08 +0300, Georgi Guninski said:
On Thu, Jun 10, 2004 at 10:14:21AM +0200, Feher Tamas wrote:
http://zdnet.com.com/2100-1105-5229707.html
the early stages of building the case, Toulouse said. The company is
* Windows Xp default ZIP manager [report's wrong
size
of compress ZIP files.]
if you mess with headers any compression API tells
you
the same wrong size. Check zlib, infoZip, rar, arj.
There is no way to get detect these changes.
Checking each file integrity
against the header
You can dos any machine with big enough files if they run out of
partition(linux) or hard disk or memory space(windows). I had somebody
show me this with a 20 gig bzipped null character attachment last year
on this list.
bipin gautam wrote:
Multiple Antivirus Scanners DoS attack.
---
do you have any idea how i created these compressed
archive??? i didn't modified the header info!!!
i created it using dd if=/dev/zero ..
Yeah right. I believe the first time I saw this reported was like 1998.
Why don't you check mailing list archives before making such a big fuzz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 518-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
June 14th, 2004
Looked through the archives here and didn't see this one yet..
http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
Alva Lease 'Skip' Duckwall IV
CISSP,RHCE,SCSA
skip at duckwall d0t net
___
Full-Disclosure - We believe in it.
Charter:
--- Jan Muenther [EMAIL PROTECTED] wrote:
do you have any idea how i created these
compressed
archive??? i didn't modified the header info!!!
i created it using dd if=/dev/zero ..
Yeah right. I believe the first time I saw this
reported was like 1998.
Why don't you check
inadvertantly replied to an email before instead of making a new
message...
Looked through the archives here and didn't see this one yet..
http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
Alva Lease 'Skip' Duckwall IV
CISSP,RHCE,SCSA
skip at duckwall d0t net
--- Jan Muenther [EMAIL PROTECTED] wrote:
do you have any idea how i created these
compressed
archive??? i didn't modified the header info!!!
i created it using dd if=/dev/zero ..
Yeah right. I believe the first time I saw this
reported was like 1998.
Why don't you check
On Fri, 11 Jun 2004, [EMAIL PROTECTED] wrote:
From the original discover, 'bitlance winter' one big fat
coelacanth:
a href=http://www.malware.com%2F redir=www.e-gold.comtest/a
JFYI: This only works with direct internet access -- not if any kind of
proxy is involved. With the latter, IE does
Hi,
Looked through the archives here and didn't see this one yet..
http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
There is also an article in Slashdot ( i've been out of the list and
possibly others sent the link , anyway i'm pasting it here ):
Summary
There is a severe bug in racoon's authentication via digital
signatures with certificates.
Description
racoon verifies the peer's certificate using eay_check_x509cert().
For some strange reason eay_check_x509cert() sets a verify callback:
Norton AV Corporate Ed.
version 7.60.926
Displayed it as a virus in about a second. Kept on scanning, didn't stop after
a minute. I aborted it only to have disk cleaner come up due to running out of
space. Told it to stop but it kept going. System crashed. :(
Mike
There is a history of years and years
of antivirus products
choking on funky compressed files.
We had reports of quite a few AV products
crapping out on
the invalid zip files included with
our zip advisory from 2002:
http://www.rapid7.com/advisories/R7-0004/R7-0004.tgz
Date: Mon, 14 Jun 2004 22:02:55 +0400 (MSD)
Subject: Virus News: Viruses move to mobile phones
From: [EMAIL PROTECTED]
Virus News. Monday, June 14, 2004
***
1. Viruses move to mobile phones
2. How to subscribe/unsubscribe
3. Security Rules
1. Viruses move
Again we see that a factual and independent index of security
vulnerabilities is needed to objectively assess security in a
complex environment.
I have proposed the Clairmont-Everhardt Index of Security Vulnerability
to be that objective measurement. As published earlier, this index could
~~~
Application: Internet Explorer
Vendors: http://www.microsoft.com
Versions: 6.0.2800.1106.xpclnt_qfe.021108-2107
Patched With: SP1;Q832894;Q330994;Q837009;Q831167;
ModName: mshtml.dll
ModVer:
Pivot 1.10 Soundwave - Remote Code Execution
loofus - 0x90.org
Greets:
---
Downbload, nummish, peace, war-cow, rest of 0x90.org.
Description:
Pivot is a tool to create weblogs, without the need of a database. Pivot is
easy
You think infosec.volubis.com was dissing us? BTW, haven't gotten spyware
one since switching to FireFox 6 months ago. And the extensions rock!
Quote:
Detailed information on a brace of unpatched vulnerabilities in Internet
Explorer has been posted onto a dull disclosure mailing list. The flaws
It has been few reports F-Prot 4.4.2 for Linux has a problem!!!
F-PROT 4.4.2 worked fine for me, although it took a little time (about 5
minutes). I tried this with an older version 3.12d which found the same
results in 20 seconds. Also, in case you weren't aware, F-Prot Antivirus
for Linux is
--- [EMAIL PROTECTED] wrote:
There is a history of years and years of antivirus
products
choking on funky compressed files.
We had reports of quite a few AV products crapping
out on
the invalid zip files included with our zip advisory
from 2002:
On Mon, 14 Jun 2004, Barrie Dempster wrote:
Does anyone know of a *reputable* list of similar nature detailing how
linux and other OSS perform in the discovery-patch timescale.
You could check the Bugtraq archives and see how quickly they come out
with a fix when a vulnerability is announced.
On Tue, 15 Jun 2004 09:57:04 +1000, Dave Horsfall [EMAIL PROTECTED] said:
On Mon, 14 Jun 2004, Barrie Dempster wrote:
Does anyone know of a *reputable* list of similar nature detailing how
linux and other OSS perform in the discovery-patch timescale.
You could check the Bugtraq archives
Doesn't look like a null pointer to me, especially since it crashes while
reading 800c0005...
I think it's a format string vulnerability, causing ntdll.RtlFormatMessage
to call ntdll._snwprintf with your href. Might be exploitable, I'll have a
look...
Cheers,
SkyLined
- Original Message -
On Mon, 2004-06-14 at 18:38, bipin gautam wrote:
Multiple Antivirus Scanners DoS attack.
--- [Vulnerable Products] ---
Only tested on...
* Norton Antivirus 2002
* Norton Antivirus 2003
* Mcafee VirusScan 6
* Network Associates (McAfee) VirusScan Enterprise 7.1
* Windows Xp
friend in FD likes to see how did u create the zip header using `dd
if=/dev/zero`?
well not to forget u are listed in Top Ten Hoaxes Of February
http://www.governmentsecurity.org/forum/index.php?act=STf=25t=6955
On Monday 14 June 2004 06:27 pm, bipin gautam wrote:
* Windows Xp
36 matches
Mail list logo