what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Vitaly Shmatikov

Apache Libcloud 0.11.1 Possible Man In The Middle

Posted Aug 3, 2012

Authored by Suman Jana, Vitaly Shmatikov, Martin Georgiev | Site libcloud.apache.org

Apache Libcloud versions 0.4.2 through 0.11.1 suffer from a possible man-in-the-middle condition. When establishing a secure (SSL / TLS) connection to a target server an invalid regular expression has been used for performing the hostname verification. Subset instead of the full target server hostname has been marked as an acceptable match for the given hostname.

tags | advisory

advisories | CVE-2012-3446

SHA-256 | 9e708dbf4b24b26ef40d5b23c71eaa9fae3674a5663c7c3350ac8e0bede741fe

Download | Favorite | View

Anti-Virus File Parsing Evasion

Posted Mar 19, 2012

Authored by Suman Jana, Vitaly Shmatikov

Many different AntiVirus products suffer from various file-parsing evasion vulnerabilities. Some of the affected pieces of software include AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, and Panda 10.0.

tags | advisory, vulnerability

advisories | CVE-2012-1419, CVE-2012-1420, CVE-2012-1421, CVE-2012-1422, CVE-2012-1423, CVE-2012-1424, CVE-2012-1425, CVE-2012-1426, CVE-2012-1427, CVE-2012-1428, CVE-2012-1429, CVE-2012-1430, CVE-2012-1431, CVE-2012-1432, CVE-2012-1433, CVE-2012-1434, CVE-2012-1435, CVE-2012-1436, CVE-2012-1437, CVE-2012-1438, CVE-2012-1439, CVE-2012-1440, CVE-2012-1441, CVE-2012-1442, CVE-2012-1443, CVE-2012-1444, CVE-2012-1445, CVE-2012-1446

SHA-256 | 193275575de0eac59e8a98740fa704a8e2265457fd5a44adfa2b9f9c7719d0d6

Download | Favorite | View