Re: [Full-disclosure] NUL Character Evasion
From: Williams, James K (James.Williams_at_ca.com)
Date: 09/16/05
- Previous message: Siegfried: "Re: [Full-disclosure] Message for D1g1t4lLeech ZATAZ Audit has discovered this bug the 2005-09-05 D1g1t4lLeech you are a true Leecher ; )"
- Maybe in reply to: ju_at_heisec.de: "[Full-disclosure] NUL Character Evasion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 16 Sep 2005 12:05:05 -0400 To: <full-disclosure@lists.grok.org.uk>
> List: full-disclosure
> Subject: Re: [Full-disclosure] NUL Character Evasion
> From: fd () ew ! nsci ! us
> Date: 2005-09-15 19:57:30
>
> > > On Thu, 15 Sep 2005, Williams, James K wrote:
> > > List: full-disclosure
> > > Subject: [Full-disclosure] NUL Character Evasion
> > > From: ju () heisec ! de
> > > Date: 2005-09-13 21:24:42
> >
> > Thank you for the report. Computer Associates is currently
> > investigating the issue (as it relates to CA products).
> >
> > Regards,
> > kw
>
> Ken,
>
> How long until this update hits your product?
>
> -Eric
>
> --
> Eric Wheeler
As initially suspected, from the AV signature perspective, this
is not a critical issue until and unless something specific
shows up in the wild or is reported to a vendor. The NUL char
insertion concept is similar in theory to, for example, K2's
classic ADMmutate[1] polymorphic shellcode engine for NIDS
evasion, or simply adding NOPs to an executable. Alex and
Neel[2] discussed this class of AV vulns at core05 and Blackhat.
Regards,
kw
[1] http://www.ktwo.ca/security.html
[2] http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-wheeler.pdf
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Siegfried: "Re: [Full-disclosure] Message for D1g1t4lLeech ZATAZ Audit has discovered this bug the 2005-09-05 D1g1t4lLeech you are a true Leecher ; )"
- Maybe in reply to: ju_at_heisec.de: "[Full-disclosure] NUL Character Evasion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
