[Full-disclosure] Update: [TZO-15-2009] Aladdin eSafe generic bypass - Forced release
Update:
Aladdin responded and posted a blog post, please read the timeline and
then the blog post.
link://[click]
It is said that:
-----------------
"This means that in case a customer receives such a specially crafted
archive file, he will not be able to extract it."
This is wrong. WinRAR, for example, extracts the PoC files fine.
"We have acted on the issue after two days since its first coming
into view."
Please see the timeline below and draw your conclusions.
"The eSafe products affected by this vulnerability are 7.1, 7.0, and
6."
I was not communicated this information and had to find a referer in
my log files in order to know.
Full update to be published after more discussions...
-------------
IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
DD/MM/YYYY
04/04/2009 : Send proof of concept, description of the terms under which
             I cooperate and the planned disclosure date. There is
             no security address listed at [1] and hence took previously
             known security contacts that are known to exist.
             No reply.
13/04/2009 : Resending. Copied security@xxxxxxxxxx, security@xxxxxxxxxxx,
             secure@xxxxxxxxxxx, secure@xxxxxxxxxx, support@xxxxxxxxxxx,
             support@xxxxxxxxxx in CC.
             No reply.
16/04/2009 : Resending specifying this is the last attempt to disclose
             responsibly.
             No reply.
18/04/2009 : Online virus scan service offered to gap the bridge between
             vendors that don't reply and myself. Aladdin was contacted
             through third party.
             No reaction.
19/04/2009 : Aladdin visited the blog entry that explains the bypasses
             and impacts. link://[click]
             No reaction.
27/04/2009 : Release of this limited advisory.
[1] link://[click]
Full-Disclosure - We believe in it.
Charter: link://[click]
Hosted and sponsored by Secunia - link://[click]