Showing 1 - 25 of 76

Files from Thierry Zoller

Email address: thierry at zoller.lu
First Active: 2005-10-25
Last Active: 2020-03-02

QuickHeal Generic Malformed Archive Bypass
Posted Mar 2, 2020
Authored by Thierry Zoller

The QuickHeal parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive (GPFLAG) so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.

tags | advisory, virus
advisories | CVE-2020-9362
SHA-256 | 21b40b46cf54a2a2543b7b5d28c8636ee603079b9c6d362408cdc930b9943fe1
AVAST Generic Archive Bypass
Posted Feb 26, 2020
Authored by Thierry Zoller

The AVAST parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
advisories | CVE-2020-9399
SHA-256 | 04142bff062e990548f8097f71222a4ee9c85d1768f97fcbf3deca2f91ed21e3
F-SECURE Generic Malformed Container Bypass
Posted Feb 25, 2020
Authored by Thierry Zoller

The F-SECURE parsing engine supports the GZIP archive format. The parsing engine can be bypassed by manipulating a GZIP archive (Compression Method). This way the user can extract the file but the AV engine cannot, giving the file a clean pass. Various products and versions are affected.

tags | advisory
advisories | CVE-2020-9342
SHA-256 | fbec8e3dcdca05c0034af0f09e6fb074d27522a6d8e9187b70e6a9d79f55cbb6
AVIRA Generic Malformed Container Bypass
Posted Feb 21, 2020
Authored by Thierry Zoller

The AVIRA parsing engine supports the ISO container format. The parsing engine can be bypassed by specifically manipulating the ISO archive. This leads to the endpoint ignoring the container and the gateways letting the file slip through uninspected. Avira does not patch or update their very popular command line scanner that is still available for download on their website. AV engine versions below 8.3.54.138 are affected.

tags | advisory
advisories | CVE-2020-9320
SHA-256 | e3a1a68dae3a544a78b4225ef81e20a998dd5f42a98b27d7f851c97568992124
Bitdefender Generic Malformed Archive Bypass
Posted Feb 18, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the GZIP archive format. The parsing engine can be bypassed by specifically manipulating a GZIP Archive (Compression Method) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.

tags | advisory, virus
SHA-256 | c256232508baed278b7019fdb1635fe3c42c5be13f855d4c505917c5e8668458
Kaspersky Generic Malformed Archive Bypass
Posted Feb 17, 2020
Authored by Thierry Zoller

The Kaspersky parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive (File Name Length Field) so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
SHA-256 | 120b942ba426b1b9b55e704db5b9c97a9ee87d788829b6e6ce558de71c97c890
F-SECURE Generic Malformed Container Bypass
Posted Feb 14, 2020
Authored by Thierry Zoller

The F-SECURE parsing engine supports the RAR Archive. The parsing engine can be bypassed by specifically manipulating a RAR archive. Various products are affected.

tags | advisory
SHA-256 | f8afc9d260d24a97130afc2b29b93956227a49e671abb3b13665f13a1b0de68d
AVIRA Generic Malformed Container Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The AVIRA parsing engine can be bypassed by specifically manipulating the ZIP archive (GPFLAG), making the Avira parser believe the file to be encrypted although it isn't. This leads to the endpoint ignoring the archive and the Avira gateway solutions following the "File is encrypted" logic.

tags | advisory
SHA-256 | ac2daf7bcc95857b4f5049cebd3177cbe3381b4badbb37ff3079ae24ed46821a
ESET Generic Malformed Archive Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The ESET parsing engine can be bypassed by specifically manipulating a ZIP Archive Compression Information Field so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
SHA-256 | e2f741cde9f439ac70973eeae7d76a4af0d0b4eb7a85e38074a57965ddaf71b3
Bitdefender Malformed Archive Bypass
Posted Jan 14, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (RAR Compression Information) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

tags | advisory, virus
SHA-256 | 56d047fd1371cddc803a7c6831bbb28724f403134f3ad701d0d1f2b2b8a12b6d
Bitdefender Generic Malformed Archive Bypass
Posted Jan 14, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (Compressed Size) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

tags | advisory, virus
SHA-256 | 1ee5d2c1f340adcecb8d86ba987e2df0e0cc93d8618945a14a6393943bdd41ce
Kaspersky Generic Archive Bypass
Posted Jan 13, 2020
Authored by Thierry Zoller

The Kaspersky parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive (File Name Length Field) so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating. A vast array of Kaspersky products are affected.

tags | advisory, virus
SHA-256 | 5ace3f40cceae356bd67470cd3e790eaead40adc7b7b21eaab4d4e91d3df1bc0
Bitdefender Malformed Archive Bypass
Posted Jan 13, 2020
Authored by Thierry Zoller

Bitdefender products suffer from a ZIP GPFLAG malformed archive bypass vulnerability. All Bitdefender products and vendors that have licensed the engine before Dec 12, 2019 are affected.

tags | advisory, bypass
SHA-256 | 8a04a45f5bad5e89212de014eb589ed0ff5c2e09cbfb8bce3337bc332720c94b
Bitdefender Malformed Archive Bypass
Posted Jan 10, 2020
Authored by Thierry Zoller

The parsing engine for various Bitdefender products supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (HOST_OS) so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.

tags | advisory, virus
SHA-256 | 793090fba48547497446172319a1c4df12912499fed2f2b0ce09b16332463da7
Kaspersky Generic Archive Bypass
Posted Jan 10, 2020
Authored by Thierry Zoller

The parsing engine in various Kaspersky products supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive (Compression Size Flag) so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
SHA-256 | 9de58a261f7a885904785912ed09937ff3ced4a9bf116489ceebbeb94fc32870
Bitdefender Malformed Archive Bypass
Posted Jan 6, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the BZIP archive format. The parsing engine can be bypassed by specifically manipulating a BZIP archive so that it can be accessed by an end-user but not the antivirus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. Many Bitdefender products are affected.

tags | advisory
advisories | CVE-2019-17095
SHA-256 | db03e9aa748a184f6f406c631f87e33d5d91312f61fbfe71c3deba6c9f7a8469
ESET Generic Malformed Archive Bypass
Posted Jan 3, 2020
Authored by Thierry Zoller

Various ESET products suffer from a malformed archive bypass vulnerability. The parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive Compression Information Field so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus, bypass
SHA-256 | e595080ef9294e0013cd99505d0511438b8e9a9b7f4057d2da69f4d459dfb3db
Kaspersky Generic Archive Bypass
Posted Jan 3, 2020
Authored by Thierry Zoller

Various Kaspersky products suffer from a malformed archive bypass vulnerability. The parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus, bypass
SHA-256 | a286067acc022536c419ead7b3c44c32cae3b28176e030a8b391001836b03a1c
AVIRA Generic Antivirus Bypass
Posted Jan 3, 2020
Authored by Thierry Zoller

AVIRA engine versions below 8.3.54.138 suffer from a generic bypass vulnerability. The parsing engine supports the ISO container format. The parsing engine can be bypassed by specifically manipulating an ISO container so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus, bypass
SHA-256 | 85c4b06afcbbc9a3f987b258ae2ab7050eaf9660ac992ddb9e1593f4bc088632
Good Mobile Access Man-In-The-Middle
Posted Nov 13, 2012
Authored by Thierry Zoller

GMA aka Good Mobile Access, part of the Good For Enterprise application, failed to validate server authenticity in versions prior to 2.0.2.

tags | advisory
SHA-256 | 437e815284a5837eb0e26f1d859c302fe999bb741e9a78b22782fe918ba09bc1
TLS/SSL Hardening And Compatibility Report
Posted Sep 30, 2011
Authored by Thierry Zoller | Site g-sec.lu

This report gives general recommendations as to how to configure SSL/TLS in order to provide state of the art authentication and encryption. The options offered by SSL engines have grown since the early days when Netscape developed SSL 2.0. The introduction of TLS made matters more challenging, as servers and clients offer different sets of available options depending on which SSL engine (OpenSSL, NSS, SCHANNEL, etc.) they use. Finding the middle ground has proven difficult, especially as the supported protocols and cipher suites are mostly not documented. To make matters more complicated, browsers may not use all functionality offered by the SSL stack; this report will only list functionality used by current browsers. This report provides an overview of the currently available TLS options across servers and clients and allows you to offer support for a wide variety of browsers and offer "good enough" security.

tags | paper, protocol
SHA-256 | afe6f4a0ab4ce26e52bdcf64e8ae768dd81416309332ac0a348749bb8aaf5074
Checkpoint SNX Privilege Escalation
Posted Mar 14, 2011
Authored by Thierry Zoller

Checkpoint SNX suffers from a privilege escalation vulnerability. Included products are the SSL Network Extender, Endpoint Security Client, Endpoint Connect, and Endpoint Security VPN.

tags | advisory
SHA-256 | 5a6d54cd88685ffaad03d53a56c8814889c848f58d1df04d1fd2faef83d0e166
Harden SSL/TLS Tool
Posted Feb 18, 2010
Authored by Thierry Zoller | Site g-sec.lu

"Harden SSL/TLS" hardens the default SSL/TLS settings of Windows 2000, 2003, 2008, 2008R2, XP, Vista, and 7. It allows you to remotely set SSL/TLS policies allowing or denying certain ciphers/hashes or complete ciphersuites.

tags | encryption
systems | windows
SHA-256 | f6da94916529959fc189c5e46d110273a1d8f5e56414318132ae5e991fc92e46
SSL Audit Tool
Posted Feb 10, 2010
Authored by Thierry Zoller | Site g-sec.lu

SSL Audit is a small tool developed as part of G-SEC's investigation for the "Secure SSL/TLS configuration Report 2010". SSL Audit scans web servers for SSL support. Unlike other tools, it is not limited to ciphers supported by SSL engines such as OpenSSL or NSS and can detect all known cipher suites. It also has a fingerprinting mode.

tags | web, encryption
SHA-256 | 28724527671579a60227726d8f0274db7ecfcf5fa272303bdca45d92ef5cb702
TLS / SSLv3 Vulnerability Whitepaper
Posted Dec 1, 2009
Authored by Thierry Zoller

This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available. This is an update to the original release.

Changes: Added FTPS analysis, new attacks against HTTPS (injecting responses and downgrading to HTTP).
tags | paper, protocol
SHA-256 | e3248ace7a5b9361f7b718d101f566a149375092c32ee63eca3bad0a84efdc31