File size
4. If the file date is earlier than indicated in the below table,
the installation is vulnerable.
CA ARCserve Backup for Laptops and Desktops
File Name File Size (bytes) File Date
rxRPC.dll 131,072 June 11, 2008
CA ARCserve Backup for Laptops and Desktops 11.1, 11.1 SP1, 11.1
SP2
File Name File Size (bytes) File Date
4. If the file timestamp is earlier than indicated in the table
below, the installation is vulnerable.
Product version: CA ARCserve Backup r11.1 Windows
File Name: asdbapi.dll
File Size: 856064 bytes
Timestamp: 09/05/2008 10:35:19
Product version: CA ARCserve Backup r11.5 Windows*
File Name: asdbapi.dll
File Size: 1249354 bytes
Release Date 2009/11/19
Type Product Binaries
http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
VMware vCenter Server 4 and modules
File size: 1.8 GB
File type: .iso
MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5
SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1
VMware vCenter Server 4 and modules
Release Date 2010/01/29
Type Product Binaries
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VirtualCenter DVD image - English only version
File size: 854 MB
File type: .iso
md5sum: d83b09ac0533a418d5b7f5493dbd3ed3
sha1sum: 1b969b397a937402b5e9463efc767eff7a980ad0
VirtualCenter as a Zip file - English only version
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the below
table, the installation is vulnerable.
Product Version File Name Timestamp File Size
11.5 caloggerd.exe 05/18/2007 10:55:48 299008 bytes
11.1 caloggerd.exe 05/18/2007 11:30:52 286720 bytes
* For Protection Suites r2, use the file timestamp for CA
ARCserve Backup r11.5.
table, the installation is vulnerable.
Product          File Name         Timestamp   File Size
XOsoft 12.0 sp1  mng_core_com.dll  10/09/2010  2,007,040 bytes
Mitigation recommendations from Trend:
1. Open the ScanMail for Domino Configuration database
2. Go to Configurations > Policies
3. Double click on Default Mail Scan
4. Click on Scan Options Tab > Scan Restrictions
5. Put a mark on Exceed extracted file size and set this to either of the more secure actions
a. Quarantine
b. Delete
6. Set the maximum extracted file size to any preferred value
7. Click on Save & Close
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the table
below, the installation is vulnerable.
Version File Name Timestamp File Size
11.5 asdbapi.dll 10/24/2007 08:43:08 1249354 bytes
11.1 asdbapi.dll 10/19/2007 17:56:00 856064 bytes
9.01 asdbapi.dll 10/19/2007 18:02:22 700416 bytes
* For Protection Suites r2, follow instructions for BrightStor
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the table
below, the installation is vulnerable.
Version File Name Timestamp File Size
11.5 mediasvr.exe 06/28/2007 15:16:20 110592 bytes
11.1 mediasvr.exe 07/02/2007 10:39:50 106496 bytes
9.01 mediasvr.exe 07/02/2007 13:57:50 98304 bytes
* For Protection Suites r2, follow instructions for BrightStor
4. If the file date is earlier than indicated in the below
table, the installation is vulnerable.
Product                                File Name      File Size (bytes)  File Date
CA Software Delivery r11.2 C1, C2, C3  dtscore11.dll  218376
-zend_builtin_functions.c---
-PoC code---
[cx@82 /www]$ ulimit -a
socket buffer size (bytes, -b) unlimited
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) 524288
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) 40000
open files (-n) 11095
4. If the file timestamp is earlier than indicated in the table
below, the installation is vulnerable.
Product version: CA ARCserve Backup r11.1 Windows
File Name: DBserver.dll
File Size: 675840 bytes
Timestamp: 11/25/2008 09:32:21
*CA Protection Suites r2 includes CA ARCserve Backup 11.5
example, an .ani file on an unpacked Windows).
PoC: http://blog.hispasec.com/lab/files/UnrealCommander_PoC_spoof.zip
3. ZIP file size heap information leak
If the ZIP has a malformed file size in the file header, then Unreal
Commander writes to the file data from the heap. This could allow
potential information leak (ftp passwords ?), but this has not been
confirmed.
Format Factory's Features:
- Supports converting all popular video, audio, and picture formats to others.
- Repairs damaged video and audio files.
- Reduces multimedia file size.
- Supports iPhone and iPod multimedia file formats.
- Picture converting supports Zoom, Rotate/Flip, tags.
- DVD Ripper.
- Supports 60 languages.
Details: xcrc ..//..//..//..//a.txt 1 <some huge number> will disclose the file's size
xcrc ..//..//..//..//a.txt 1 2
xcrc ..//..//..//..//a.txt 1 3
...
xcrc ..//..//..//..//a.txt 1 <filesize>
when automated allows for an easy brute force attack on the crc's
Status: Submitted to Vendor 6/14/10 fixed 6/15/10
template();
$te=$HTTP_GET_VARS['te'];
$dir=$HTTP_GET_VARS['dir'];
$filename = "$dir/$te";
$fd = fopen ($filename, "r");
$stuff = fread ($fd, filesize ($filename));
fclose ($fd);
?>
-------
vuln:
http://site.com/editor.php?action=tempedit&m=[base64 password]&te=[local_file]&dir=[local_dir]
$file_i = '0';
while ($file=@readdir($dirs)) {
$filepath="$dir/$file";
$a=@is_dir($filepath);
if($a=="0"){
$size=@filesize($filepath);
$size=$size/1024 ;
$size= @number_format($size, 3);
if (@filectime($filepath) == @filemtime($filepath)) {
$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
database updates. The core of the package is an anti-virus engine
available in a form of shared library. "
II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by manipulating CAB (Filesize) archives
in a "certain way" that the Clamav engine cannot extract the content but
the end user is able to.
III. Impact
~~~~~~~~~~~
Here's some further analysis of the 1 billion sample used as a training
set along with a separate 1 million sample used as a test set:
Applying the 697 million unique passwords (from the 1 billion sample
above) as a wordlist (6 GB file size) to crack another 1 million of
pwgen'ed passwords cracks 418168 of them (41.8%). For a uniform
distribution (which is not the case), this would correspond to total
keyspace size of about 1.67 billion passwords (between 30 and 31 bits).
Focusing on more frequent pwgen'ed passwords only:
Invalid SQL:
SELECT imageid, images.title, images.description, filename,
thumbname, originalname, extension, images.catid ,images.userid,
images.username, images.description, images.dateline, images.views,
posts ,width, height, originalwidth, originalheight ,filesize,
originalfilesize, images.lastpostdateline, images.lastpostuserid,
images.lastpostusername, votenum, votetotal, categories.title AS cattitle
FROM ppgal_images AS images
LEFT JOIN ppgal_categories AS categories USING (catid)
WHERE valid = 1 AND images.userid = 5
>
> or have wrong file?
>
> in attempting to upgrade png (due to security problem), we tried to
> pull from sourceforge mirrors.
> (note below, libpng says file size for libpng-1.2.27.tar.bz2 with
> scripts should be 641193) heanet has a bigger file.
> other sourceforge.net mirrors have it right.
>
> Was heanet.dl hacked? are some people downloading a trojanized
> version of png?
> 1024-bit RSA keys. There are ~32,000 such keys. If you devote an
> 80-bit hash to each one (which is easily large enough to give you a
> vanishingly small false positive probability; you could probably get
> away with 64 bits), that's 320KB.
Regarding blacklist file size, we (Openwall and ALT Linux, with support
from CivicActions) have done some work on SSH key blacklisting, and our
encoding scheme should be reusable for SSL as well. Our default
blacklist file contains 48-bit partial fingerprints for 1024-bit and
2048-bit RSA and 1024-bit DSA keys for PID range 1 to 32767 (a total of
almost 300k keys). The installed file size is just 1.3 MB, which
allow attackers to gather the real path of the server side script.
Proof of concept:
http://www.[xxxx].com/[path]/index.php?page=search&start=1&keyword=&section=all&search=1
Warning: filesize() [function.filesize]: stat failed for show_msg in /home/xxxxx/public_html/vb/includes/template.class.php on line 99
Fatal error: ERROR::FILE_SIZE_IS_ZERO in /home/xxxxx/public_html/vb/includes/template.class.php on line 146
--------------------------------------------------
[W]orld [D]efacers [T]eam
II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by a specially crafted and formatted
CAB (Filesize) archive.
III. Impact
~~~~~~~~~~~
A general description of the impact and nature of AV Bypasses/evasions
can be read at :
Michael Scheidell wrote:
> (note below, libpng says file size for libpng-1.2.27.tar.bz2 with
> scripts should be 641193) heanet has a bigger file.
> other sourceforge.net mirrors have it right.
>
I've pulled the file from the SURFnet and University of Kent mirrors and
the simplesystems.org mirror referenced on the site. All have the same
804821 bytes big file. The tar.gz also doesn't match.
or have wrong file?
in attempting to upgrade png (due to security problem), we tried to pull
from sourceforge mirrors.
(note below, libpng says file size for libpng-1.2.27.tar.bz2 with
scripts should be 641193) heanet has a bigger file.
other sourceforge.net mirrors have it right.
Was heanet.dl hacked? are some people downloading a trojanized version
of png?
Ikarus Software GMBH is an Anti-virus company based in Austria.
II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by a specially crafted and formatted
RAR (Headflags and Packsize), ZIP (Filelength) and CAB (Filesize) archive.
III. Impact
~~~~~~~~~~~
The bug results in denying the engine the possibility to inspect
code within the CAB, RAR, ZIP archives. There is no inspection of content