Re: [Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS

From: Dan Margolis (krispykringle_at_gentoo.org)
Date: 12/14/04

  • Next message: b0f: "[Full-Disclosure] Winamp 5.07 (latest version) Remote Crash + other stupid shizle"
    Date: Mon, 13 Dec 2004 21:45:36 -0500
    To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    
    

    If an attacker can spoof the signature file download site, he can
    potentially do quite a bit worse than this (in that he can deny the
    usability of the antivirus engine at all by providing a bogus
    signature file). I'd think that some form of cryptography would be in
    use to prevent this (either SSL or signing of the archives
    themselves). Am I mistaken?

    (Caveat being that I don't use any anti-virus products of this nature,
    so I really don't know.)

    On Thu, Nov 04, 2004 at 03:56:02PM -0800, vuln@hexview.com wrote:
    > After downloading ZIP archive off the website (either legitimate
    > Symantec website or a spoofed one controlled by attacker)

    -- 
    Dan
    

  • Next message: b0f: "[Full-Disclosure] Winamp 5.07 (latest version) Remote Crash + other stupid shizle"

    Relevant Pages