exploit the possibilities
Showing 1 - 25 of 75 RSS Feed

Files from Thierry Zoller

Email addressthierry at zoller.lu
First Active2005-10-25
Last Active2020-02-26
AVAST Generic Archive Bypass
Posted Feb 26, 2020
Authored by Thierry Zoller

The AVAST parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
advisories | CVE-2020-9399
MD5 | 2a5619ab4bba5b0d39515674edc6e6b1
F-SECURE Generic Malformed Container Bypass
Posted Feb 25, 2020
Authored by Thierry Zoller

The F-SECURE parsing engine supports the GZIP Archive. The parsing engine can be bypassed by manipulating a GZIP archive (Compression Method). This way the User can extract the file but the AV Engine cannot giving the file a clean pass. Various products and versions are affected.

tags | advisory
advisories | CVE-2020-9342
MD5 | 249cbeaab013141f01432e1cab62a8a6
AVIRA Generic Malformed Container Bypass
Posted Feb 21, 2020
Authored by Thierry Zoller

The AVIRA parsing engine supports the ISO container format. The parsing engine can be bypassed by specifically manipulating the ISO Archive This leads to the Endpoint ignoring the container and the Gateways to let this file slip through uninspected. Avira does not patch or update their very popular command line scanner that is still available for download on their website. AV Engine versions below 8.3.54.138 are affected.

tags | advisory
advisories | CVE-2020-9320
MD5 | 46ba66f6cda072712c42db3e0f597db6
Bitdefender Generic Malformed Archive Bypass
Posted Feb 18, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the GZIP archive format. The parsing engine can be bypassed by specifically manipulating a GZIP Archive (Compression Method) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.

tags | advisory, virus
MD5 | 98239a25a94376bf3a80578aae377a8b
Kaspersky Generic Malformed Archive Bypass
Posted Feb 17, 2020
Authored by Thierry Zoller

The Kaspersky parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating an ZIP Archive (File Name length Field) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
MD5 | 823c4edc758b7da4ee2da02a741a9952
F-SECURE Generic Malformed Container Bypass
Posted Feb 14, 2020
Authored by Thierry Zoller

The F-SECURE parsing engine supports the RAR Archive. The parsing engine can be bypassed by specifically manipulating a RAR archive. Various products are affected.

tags | advisory
MD5 | 192bc50776f25bf49730d36c48892734
AVIRA Generic Malformed Container Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The AVIRA parsing engine can be bypassed by specifically manipulating the ZIP Archive (GPFLag) making the Avira parser believes the file to be encrypted although it isn't. This leads to the Endpoint ignoring the archive and the Avira Gateway Solutions to follow the "File is encrypted" logic.

tags | advisory
MD5 | 6e004bfa1a3b7ba17f65b840b147c977
ESET Generic Malformed Archive Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The ESET parsing engine can be bypassed by specifically manipulating a ZIP Archive Compression Information Field so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
MD5 | b070d226240b5ffffd20b8b5dd28cd36
Bitdefender Malformed Archive Bypass
Posted Jan 14, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (RAR Compression Information) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

tags | advisory, virus
MD5 | 9ef57e4723299740f953c5176cce48f3
Bitdefender Generic Malformed Archive Bypass
Posted Jan 14, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (Compressed Size) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

tags | advisory, virus
MD5 | c3051127930c29478cb249b21d1022b1
Kaspersky Generic Archive Bypass
Posted Jan 13, 2020
Authored by Thierry Zoller

The Kaspersky parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating an ZIP Archive (File Name Length Field) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating. A vast array of Kaspersky products are affected.

tags | advisory, virus
MD5 | ea351cdfa434ec38583fdb174905503e
Bitdefender Malformed Archive Bypass
Posted Jan 13, 2020
Authored by Thierry Zoller

Bitdefender products suffer from a ZIP GPFLAG malformed archive bypass vulnerability. Affected includes all Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019.

tags | advisory, bypass
MD5 | 6f75acbd8899bedae1f80ba34a5c05e1
Bitdefender Malformed Archive Bypass
Posted Jan 10, 2020
Authored by Thierry Zoller

The parsing engine for various Bitdefender products supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (HOST_OS) so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.

tags | advisory, virus
MD5 | 81a8ef5675cb81458a3c0622ae1d3bb8
Kaspersky Generic Archive Bypass
Posted Jan 10, 2020
Authored by Thierry Zoller

The parsing engine in various Kaspersky products supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating an ZIP Archive (Compression Size Flag) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
MD5 | 8c75c890b3117a95e00edfc1d15eba80
Bitdefender Malformed Archive Bypass
Posted Jan 6, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the BZIP archive format. The parsing engine can be bypassed by specifically manipulating an BZIP archive so that it can be accessed by an end-user but not the antivirus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. Many Bitdefender products are affected.

tags | advisory
advisories | CVE-2019-17095
MD5 | cdab15d8649e62f906f6d477e835bbf3
ESET Generic Malformed Archive Bypass
Posted Jan 3, 2020
Authored by Thierry Zoller

Various ESET products suffer from a malformed archive bypass vulnerability. The parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating an ZIP Archive Compression Information Field so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus, bypass
MD5 | f10f389ae694b215abb2e4c2a013b423
Kaspersky Generic Archive Bypass
Posted Jan 3, 2020
Authored by Thierry Zoller

Various Kaspersky products suffer from a malformed archive bypass vulnerability. The parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating an ZIP Archive so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus, bypass
MD5 | ca36137639ccd5a94d3f5edfcf83fc20
AVIRA Generic Antivirus Bypass
Posted Jan 3, 2020
Authored by Thierry Zoller

AVIRA engine versions below 8.3.54.138 suffer from a generic bypass vulnerability. The parsing engine supports the ISO container format. The parsing engine can be bypassed by specifically manipulating an ISO container so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus, bypass
MD5 | c0e4ae9f187665effb5e7ea15ffb7ef3
Good Mobile Access Man-In-The-Middle
Posted Nov 13, 2012
Authored by Thierry Zoller

GMA aka Good Mobile Access, part of the Good For Enterprise application, failed to validate server authenticity in versions prior to 2.0.2.

tags | advisory
MD5 | 246f26b78da591033bed7bad920b79cf
TLS/SSL Hardening And Compatibility Report
Posted Sep 30, 2011
Authored by Thierry Zoller | Site g-sec.lu

This report gives general recommendations as to how to configure SSL/TLS in order to provide state of the art authentication and encryption. The options offered by SSL engines grew from the early days since Netscape developed SSL2.0. The introduction of TLS made matters more challenging as servers and clients offer different sets of available options depending on which SSL engine (OpenSSL, NSS, SCHANNEL, etc.) they use. Finding the middle ground has proven difficult especially as the supported protocols and cipher suites are mostly not documented. To make matters more complicated Browsers may not use all functionality offered by the SSL stack, this report will only list functionality used by current Browsers. This report provides an overview of the currently available TLS options across Servers and Clients and allows you to offer support for a wide variety of Browsers an offer "good enough" security.

tags | paper, protocol
MD5 | ea3ba9ca23ddccb36b094184551e503d
Checkpoint SNX Privilege Escalation
Posted Mar 14, 2011
Authored by Thierry Zoller

Checkpoint SNX suffers from a privilege escalation vulnerability. Included products are the SSL Network Extender, Endpoint Security Client, Endpoint Connect, and Endpoint Security VPN.

tags | advisory
MD5 | 914274b524f02697ff9326e3f173bdda
Harden SSL/TLS Tool
Posted Feb 18, 2010
Authored by Thierry Zoller | Site g-sec.lu

"Harden SSL/TLS" hardens the default SSL/TLS settings of Windows 2000,2003,2008,2008R2, XP,Vista,7. It allows you to remotely set SSL/TLS policies allowing or denying certain ciphers/hashes or complete ciphersuites.

tags | encryption
systems | windows, 2k
MD5 | 5db5730516652db7e4920cf04249469b
SSL Audit Tool
Posted Feb 10, 2010
Authored by Thierry Zoller | Site g-sec.lu

Developed as part of G-SEC's investigation for the "Secure SSL/TLS configuration Report 2010", they developed this little tool called SSL Audit. SSL Audit scans web servers for SSL support, unlike other tools it is not limited to ciphers supported by SSL engines such as OpenSSL or NSS and can detect all known cipher suites. It also has a fingerprinting mode.

tags | web, encryption
MD5 | 862a18ea08deccd5a2a9c9e7db074ebf
TLS / SSLv3 Vulnerability Whitepaper
Posted Dec 1, 2009
Authored by Thierry Zoller

This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available. This is an update to the original release.

Changes: Added FTPS analysis, new attacks against HTTPS (injecting responses and downgrading to HTTP).
tags | paper, protocol
MD5 | c5beb910e8fe191ec7d383166a44716c
TLS / SSLv3 Vulnerability Explained
Posted Nov 18, 2009
Authored by Thierry Zoller

This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.

tags | paper, protocol
MD5 | 8c7187ef4886ebc3a72ea1e852e95794
Page 1 of 3
Back123Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    15 Files
  • 27
    Feb 27th
    15 Files
  • 28
    Feb 28th
    4 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close