Changes : [TZO-17-2009]Trendmicro multiple bypass/evasions

To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, <info@xxxxxxxxxxxxx>, <vuln@xxxxxxxxxxx>, <cert@xxxxxxxx>, <nvd@xxxxxxxx>, <cve@xxxxxxxxx>
Subject: Changes : [TZO-17-2009]Trendmicro multiple bypass/evasions
From: Thierry Zoller <Thierry@xxxxxxxxx>
Date: Sat, 9 May 2009 12:24:24 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Resent-cc: recipient list not shown: ;
Resent-date: Sat, 9 May 2009 04:24:57 -0600
Resent-from: Thierry Zoller <Thierry@xxxxxxxxx>
Resent-message-id: <200905091024.n49AOvtt000674@xxxxxxxxxxxxxxxxxxxxx>

______________________________________________________________________

           UPDATE : Trendmicro RAR / CAB bypass evasion
______________________________________________________________________


CHANGES to original advisory [TZO-172009] Trendmicro : 
------------------------------------------------------

Status     : RAR / CAB  issue WILL be patched on June 17

Quoting vendor : 
"This vulnerability is capable of allowing attackers to send RAR files 
with corrupted RAR headers through our gateway products, which bypass 
the compressed files without scanning them."


Comment:
This   just  goes  to  proove  that  publishing changes perception, as
customers   read,   react   and  complain.  (Trend  previously  denied
patching). In other words, always publish even if the vendor denies
patching.

In  the  name  of all TrendMicro customers I would like to thank those
customers that reacted and complained. Wihtout publication there is no
change, without those reacting to advisories there is neither.

Prooves #2 and #5 at 
http://blog.zoller.lu/2009/04/dear-thierry-why-are-you-such-arrogant.html
to be valid.

Regards,
Thierry Zoller

Prev by Date: [SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities
Next by Date: [TZO-21-2009] Fprot CAB bypass / evasion
Previous by thread: [SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities
Next by thread: [TZO-21-2009] Fprot CAB bypass / evasion
Index(es):
- Date
- Thread