ZIP or Rar argument may take nose dive....
-
http://www.securityfocus.com/bid/22447 Turns out Winrar password protection is no longer effective.
Bradml wrote:
Turns out Winrar password protection is no longer effective.
To my understanding, the bug is simply a buffer overflow in the Unrar decryption code. From the report: "Unrar is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code with the privileges of the user opening the archive." This does not mean that the password protection would be ineffective! When decrypting, the Unrar tool could maybe crash or execute malicious code, but it does not break the encryption (which would be far more critical in my opinion).
Too many passwords to remember? Try KeePass Password Safe!
-
Far more critical than installing a backdoor? I agree that circumventing the password protection would help "casual abuse" i.e. the hole is wider but less deep.
Developers, Developers, Developers, Developers, Developers, Developers, Velopers, Develprs, Developers!
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
Linkify!|Fold With Us! -
there's an argument? i thought the situation was pretty clear: pirates use RAR, everyone else uses ZIP
image processing toolkits | batch image processing | blogging
-
Not that clear. Oim not a scurvey Poirate, and Oi use WinRar (Sorry, feeble attempt at a text pirate accent :) ) - Phil