[VIM] Vulnerabilities Hashes DB needed (fwd)

security curmudgeon jericho at attrition.org
Sun May 6 17:21:32 UTC 2007


Hopefully down the road this person will disclose the vendor that did 
this. I've heard other people run into the same situation occasionally, 
but it would be nice to see if there is a trend or common vendor doing 
this.

---------- Forwarded message ----------
From: shadown <shadown at gmail.com>
To: dailydave at lists.immunitysec.com, full-disclosure at lists.grok.org.uk,
     bugtraq at securityfocus.com
Date: Sun, 6 May 2007 17:45:45 +0200
Subject: [Full-disclosure] Vulnerabilities Hashes DB needed

[Moderator: I ask you to accept this mail, so that the comunity may come
with a solution. Thanks in advance.]

Hi,

During the near past I have to confront some issues when reporting
vulnerabilities to the vendors, I'm not going to disclose the vendor's names
because is not the goal of this mail, but to become with a solution. I'm
asking the researches comunity and whoever can help us to come with the best
solution. In this mail I'll explain my reasons and what I think is the best
solution (actually I've borow the idea from others) and ask the comunity if
someone thinks that is a better one.

Reasons:
--------------

1- I've contacted with some vendor and after getting the right security
contact to send the vulnerabilities I've sent the pgped PoC files. Then the
vendor didn't come any more to me. After a month I've contacted the vendor
again, the vendor said: 'oh, I didn't receive the mail'. I've resent the
mail and the vendor replayed: 'I've tryed the PoC files and none of them
worked, probably our internal testing team found them'. After receiving that
answer from the vendor I've downloaded the software again and the
vulnerabilities were fixed. I did a binary diffing to analyze OLD vs. NEW
version and extraordinary...the bug I've reported + two other bugs where
fixed, what was a bit suspicious. I've ask about this to the vendor and the
vendor replayed the following:

"""
  It's hard to imagine that the respective fix would be directly related to
your files because we haven't had them. Don't get me wrong, we have no
problem crediting anyone who reports bugs to us, helping us to improve our
software (just as we did e.g. in the case of version XXXXX where we
credited XXX YYYY - see
http://www.linktothecredit ) but I
don't think this applies here, really...

Sorry - maybe you can find some other overruns in the current build? (or,
even better, in the build that's coming out in about a week - because that
one has some new fixes in it, too [so it's theoretically possible you'd hit
something that has already been fixed, too]).
"""

This was the case with one vendor, and pretty similar situation with others.
(ofcourse there were excelent comunication with some other vendors, but is
out of the scope of the solution that I want to come with.)
2- There are some vendors that are really dificult to deal with. It took me
about 4 months to get the right contact to report the bugs, and this would
be another think to think about, A public 'Vendor's Vulnerability Reporting
Contact DB/List'.

As I do believe in responsible disclosure, I don't agree with 'giving up and
launchin 0days' so that vendors eat their s**t, the following is what I
think is the best solution for it.

Solution:
-------------

First of all: I've taken this idea from matasano and Halvar, that were the
ones I've seen that did this in the past.
The main mailling list should create a 'Vulnerabilities Hashes mailing list'
where the researches comunity can send the hashes of the PoC files just
before they conctact the vendors. That way if the vendors do not give the
proper credits to the researchers, at least the researches will have another
proof to show that they were the ones that reported the vulnerabilities, and
not just the mails they've crossed with the vendors.

Final Comments:
-------------------------

I'm pretty sure that a lot of researches has this kind of problems in the
past and this is really frustrating.

*** I don't want this mail to end up being a: "Oh, yes, I have this problem
with xxx", and so. Please don't do that because is NOT the goal of this
mail. Just bring your ideas to improve this and to make this 'Vulnerability
Hashes mailling list' to happen. ***

The following is are the MD5, SHA-1 and SHA-256 hashes of the
vulnerabilities that I'll be reporting to the vendors after sending and
seeing the post in the mailling list. This is a verdors based hashes,
because probably in some cases the PoC files behind this hashes may affect
other vendors, but as I didn't try with other vendors I don't deserve the
credits for the vendors that I didn't spot vulnerabilities, if other
researcher finds the same bugs in other vendors, they are the ones that
deserve the credits for that.


AnhLab V3:
----------

65d9c1f2a9f3e7cf90e814ad27c7868b
bf6460b08b07b9fdfc90e243e8c72b326b4070f4
e766ac5bedb1144a8bb0426382aec5b58d9fcbf2ac560c321e474f57124c322b

Avira Antivir:
--------------

6be69d215a9abee4c5966243fbd074a2
34ad8cd7fd38a8c6af9d6e13bd2bbe72806ceee4
1094efa900cd1b0bcacbd38fa6ebee65bace529227512d25cdeede4dadbaef7b

770206b8b023069913315bc0ad15fa7f
a1c5a301e1898e5749eb8bdb477f7ff786142a6d
ecc1a63d3c7e1c21a6d92d8b5d7889038861bf09f43c5ab81d84ff6f3a9c166c

cd180ca57fccb2611eded02789830803
25d610387e7a7c2a372e8cc612b495c3145e9768
6d4ddde75ecaddd0780420485d4a973cb1d9ba0df2c1fef15ca8a1a29d67f640

c40a37cd215c7cca64310984b6b7a848
4c09a09683328f4a0a56f4ca523b5d25e4a9f618
dbb89a4f297a050df445cb8a0e81b5753f32a4fe0d8b40f648572152215977da

76105c8caf97785c9fa330481b13713d
0ee01fa4ab0f9a3504201ce02a4c53547a8efbb4
eae7a347cbd805bce87ca8303d4de98729034228a1a94b999c01bb132f4738f2

AntivirusKit:
-------------

f308330ddc4fe26c0458a148f9594759
36a5feb922e8163be67a85018294d9e179cbcec7
6da70b2be86525ae5fc654cc293a44437ee6ca912668eff7501ef529a5be4196

f9a42de55118798f2920a2b1072c8444
f62f63ac4aee1295cbf7a636e13e5cba7f6474a5
8d8be8e6bd765c8822696d2af58f53f386987129c7ceca43f051f026d4073a7a

56865f1768d2a646ce0e9e8d436ec67b
0dfcb3a5c004665821f58afe3ddc7aca52411919
fd66434954edd4e07265660a37be5737e08414b033901905e5e535a4431aee7b

6511e2fdc0f721a47c4e8a1d626108f2
9fc5010703bcccdab67f4c61b2144f06c1ed6679
0c42ceba2e181cc943a330ea7d9e9ed7b05cb2602b50c10693ab3515d0d3776c

e2927d23417de42c00f6570179fa0ab4
5a654b60b4e5d7b971393993bf74bff6b7babf4c
a0b47cb536e58f060fd193e44cad1c282964bf02d743eeb375496d96e9852492

e29cf7b7613bfdbb9a0c1b4114527251
712e1835f88a75b50b902b5aeb8c63199d634da8
0b8b843e0e123464275b75fd1d21a808233389204df10accca0d9b29884d8c27

99558b6186c3af5415dac0488b0f4a0d
fb6504beb4934e9c4656121d0efd224b3e12da04
b339d6e1ea6d76a297b691b989a650c47392d063a7ee8394ac3a104e831cd97b

136eeda72cff4ce605424dd4566b5c5b
d79e8ece11468fffadd9ce0f24d6904544882979
2fb06f226571cb9f097d2ebcdef89898d70033bdd092233fea048fb345d318ad

a8f265a5d767f40a942a93be4ace83f4
1aee982c67d3557dcb77989c36ff4c35115eb8c7
957da7450f57781ac32f3a7ff7dcb5c975f5039f7684482706f1cd2dc61bc732

Avast Antivirus:
----------------

24b53bacfa2f6aeba6226466d6a96758
7bccb6233ae8356928f49ece594af2ec05654ec7
e07652d14834e267a661892a240be7185035942224c9386e68cbdeb1e636369a

df88c0d9489a877eca251f6977f07d0b
dca5faa757d3a7d72bf37873db8dae7e0f002cd1
65271e3d3a5e4f70f337b19b661f8ed5521777715c3c7223c5bde05f5ab826b9

649666668e1f0a219c0bd9619aff5d91
839c714d4b28bf903c6ccd0b1b7a6fdf5c46c01a
41c263ea1ce75411792f5853c8c02bf1ccf06708f09cd874490ef11623b85d55

0f16d47de15ebbcd30ecad2b3ba9aea2
51f859523e3d1d7eb8549ac27bc0ce292dfb940d
54806f6d3c6d193ea874057bc1d04e403c99c51fcf46dacbf3fdffc8a7033244

f1f4ac1d188c020f8e9a651555279227
dd2cd2fafe3d98b099a7504bd94089c1deec680a
cb5e46bb6abe10a8bc35dbb24991770f6433d7b5981998604164bb43ec2676bc

4696e1bb5e73620c6e715d9c727ac7f6
a240b8bdd748a15ef6e451e4a327258367e7c07c
2181db5345a3d04c83cbf5ca8442fecfeb1f3825ec0a7516f07eaebd03ee234a

40a82d15fcb2cd982fde52b5d90e7d49
b5248dd45ff405a0c75e7771c25ce1d8cdc2dfd2
cdedcb945de7855b9ff791ce1d0dff0bacccd715eaf61942676b4153f9783cda

df519bca64476f0f7e0a973c31e0828a
b46ac3f62a1dd0b9f1dc99d822913cd588f6ee68
003f657a4451b1e34de81862af10eac5cb25950406925e1f837ffc5f2ff2d4a3

193a39e6e57c5fe1e673cd60fc9f838d
d2bdb2e33a3c0922918d0badbec70d830228586c
dcbeefec4bb40fc39523284073ef5d1f6773786e286949d588e182de490ed74f

835899502d90cf4a435aa4392b2b03f4
ec81ee8d7239a89346e1e17ad4f018da180d5310
b019d4dcfd6db786ee13ed80f6e90b0faeb23f90b8dcb1061a718f9446e39e22

2ec5e7d881bd4792fe63992a052aa054
3bc58e9f7f1d9efc2d2a599b430ca745b810fbcc
bd5d5e96fc091a21ac3c1e1e24276fb22cd42dc7b56569de23811ab7196df5e1

df519bca64476f0f7e0a973c31e0828a
b46ac3f62a1dd0b9f1dc99d822913cd588f6ee68
003f657a4451b1e34de81862af10eac5cb25950406925e1f837ffc5f2ff2d4a3

193a39e6e57c5fe1e673cd60fc9f838d
d2bdb2e33a3c0922918d0badbec70d830228586c
dcbeefec4bb40fc39523284073ef5d1f6773786e286949d588e182de490ed74f

835899502d90cf4a435aa4392b2b03f4
ec81ee8d7239a89346e1e17ad4f018da180d5310
b019d4dcfd6db786ee13ed80f6e90b0faeb23f90b8dcb1061a718f9446e39e22

2ec5e7d881bd4792fe63992a052aa054
3bc58e9f7f1d9efc2d2a599b430ca745b810fbcc
bd5d5e96fc091a21ac3c1e1e24276fb22cd42dc7b56569de23811ab7196df5e1

7f1dfbef6cbb128480a89c518ef5e7b6
86dfabefece6ced61521cca7a8d573214bacc61d
abf0a439abadd50cf7871e14f7b0fecf6d24b0257679e186b4a8cfa5c95db26f

2c799b6dd1a95ac3f7ae9cb6550145ef
e509214a69108485821a370d48a22ae519feda42
fc204ac5f18b04a36570273035300004d16ab38b990e7c699743f4bbe1c8cd73

8505d6f3bb638c47a51c1e954945219d
0923321102a3a6ef606a54ea6375118e5003e7d2
f5103f808ba9e227ebf8f16f361a1710f6f083757d56d40a2c6dcd64f4578499

Grisoft AVG:
------------

7ed40b565903c3788157f1b7facd3e8c
d95141a18c0d49e3ef4da4ae4164460c04df571a
018f888c8f9a280c2a546d70646cfdfb002127f786777036190227f82438e99f

4cf5ea82eeb3526584bbc0e648859f28
4872d5a93ce3caafd2398b948a17c535fe1c178d
fc528e338ff779041cd7d43d5175461cbec51476bc83bab993930c894b4ab27f

3f30645d19a29120e3ed6667023f9b26
d8e468bb9b6d224e322a08e6b813d9a891a7a37c
e88ad4becf6ba0917e9187b7dcc907e2f0d1789e71dd8328f455662405afcacc

9723df4678b88056e18727fadfc523f5
21823e87f72ae6268f67f27dda6e1fd97162baa0
22c7987f4c9f0ae996e322547afd8f70dd0c1e579bebd9505d1d8106c6a8c47f

CA eTrust:
----------

b1ad7836c4c5f13acd39a7554cb4a74c
b21fdf4ac22cb040ceb060a5ce9369344a012ea5
3c39bf686d8cfa8d5901c10b6faff8e15f53eb5a7b09226893c5ec0add63e819

bb41ecd6340ddadf1b342569f545e0b3
38405393b9145bf92c3ce2b9f887bbb200578c15
cc933471d8a8c1ff2216209b5063b5ebc77e86846d0b5d4809763af1277fcf93

830b9443c1d9a2c3a3c22a61e141ff67
a5eb5a4bfab519db6db1270dda12a3eed36e99e6
ef3a5733a48728564781c3d5d7bf364f7c6b8c2dc9f62fbf7abd07c361e1078b

e29cf7b7613bfdbb9a0c1b4114527251
712e1835f88a75b50b902b5aeb8c63199d634da8
0b8b843e0e123464275b75fd1d21a808233389204df10accca0d9b29884d8c27

F-Secure Antivirus:
-------------------

8029afc917c99b76211376677bec7025
0e8b7674771c1cbd8860f73b1ce53aa88720c7d3
107b3efdeab6e622cc164c4cdde5366ca1d4aac7e263217e0b41c7dcbff3b025

2c4c3f6b89c7c395842b41a697cad411
b7d769358b594770d392bd57cbc9e56ece99b422
548b4b246be5ed4cf962d556c20c96c35994269f06b5ddedd7aa7e7248e9e250

657d39f36ac3f09f46ec30ed25a66a48
3ca8a75f157cecb89ab8a9cf29b5589536428d50
1fd43a88cf07ef8f5f1f35f656fbb08b2d16ad273363e88fa2efe4a056937f4a

d27a2fb4a40b785e25a450bb3acfd793
6b1d6d0754711ff5bafd84b1ed5a9ceeb88f3a53
e50e14059f17895efcfb7f60ff0be061cf49fa4a288c63ec494991555667da32

McAfee VirusScan:
-----------------

a8f265a5d767f40a942a93be4ace83f4
1aee982c67d3557dcb77989c36ff4c35115eb8c7
957da7450f57781ac32f3a7ff7dcb5c975f5039f7684482706f1cd2dc61bc732

ee44ef6cf5cb0a8debae2adf18a33579
a4a386f2b911b7bb9fc3572935032bb56c9a5d85
c8d017c4f095b2f45623117d80433339b16b48de9fc8a7362eb13116bdd29c5b

ee44ef6cf5cb0a8debae2adf18a33579
a4a386f2b911b7bb9fc3572935032bb56c9a5d85
c8d017c4f095b2f45623117d80433339b16b48de9fc8a7362eb13116bdd29c5b

3fb13db5928235fce3f6e65aa7ea4e86
83f6ef1b222ad55fd87967e3089f554a33ae5a06
be927665d2d44f0958b7c8070ea4cc77444cdfe3ada3d8398dd1cb8f6b9f6192

a8f265a5d767f40a942a93be4ace83f4
1aee982c67d3557dcb77989c36ff4c35115eb8c7
957da7450f57781ac32f3a7ff7dcb5c975f5039f7684482706f1cd2dc61bc732

ESET NOD32:
-----------

cfd37b81fd0dbc62653032a4166173ff
3c69c0e8979237bf4af66f4b93a7ada0d0d81211
e8853ba6967db030d54805899525ba20fb03c4b4786e1c1b97f1666e316052e3

440c492b01a8fb46a28d210345c180ed
d0db253944fdc24f81df3cd0c1fb63c1a700e240
8a3a6be38a55a341b2bba13bb4af453ca408edc29f1ee1f3f091e921250d28f1

02dc846a5388b9c3b6021208761e6f5a
600420f8f3c7d438533817d64e0bef92462a614e
5ad94d4d445d48f1ef5d87d492e0213c7af20bebb053621418375c09412d8e4a

b6f1955690dcfc804fae032216507430
65cf6c31c4c103c296c937520964d6dd7442d86f
f2401d9d3a5c3be0b9eec88eacf493ad6d83942ce0f566129cba929e398efc59

c52853d1d0ada84dd432aff2eacea04e
1f11427a3c5620dff36ef4056901bd3e1a209eeb
d51bbacd4b2b540266b793ee2735d729844c0476a648d3dd7fc683d6eef13db4

0107600c8612ff2ad4f22865768d407c
845391b0311305dadbed0aa41c2028e65516bfc1
40eb114d0b472d35850fcdde4bba6bdf36f067ba55a7c2df67d65dcaa4592dec

Norman Antivirus:
-----------------

fc7743cda0033f81d5c7d969542ea33b
0e4ffac982168a0aa73f529d830dc656a747a6dc
ca371fd64625efb50a0f3bb403bd922fc7081fc8966df7b0fd40b40586624188

a9bd4536a1966c0dde8ba718c658e854
f4adb4bfac96954a93c8e9d001630540af4a3fea
32caf66cd837949bfff32d4c2365cb3519d908e56dd3684e8ddc107ba25cc873

d5d020485df8ead5192042da9f32bb0d
95ead5b4fe26e5dff98a7fa95168f41713878f4c
e6a19e24893ad87a7c0c299f35fc2010af5a7a4a926e0fa5113946cb80dc1ea5

b9a8a5063abf31f53f6f7d2e35a8f7ee
3640d55abbd155ea22a2a68f9d15f27e5307a048
7cc06d3d8ceb341d6735c57c42288b067605a1fdeb8753729e4dddd0b435ad64

5397061f4268bdcc106ada8724d2cc21
3ddd04f4d4c2a1b2e91630ea909b74e9f8607554
9a9eec3f5fa24f1ccf7cf47effc0a5d1f5dad12e22b61c8e4a6552dc4345a4c1

13fc7553b8e2979942a95f6ff6f16f20
d74a4f36bead45008d826b3e2b5d9959a2394226
769ca66067e3fedff804f454a0b5a9d54dbf85f140de43b8c115f3f0bcdaf74a

40aefe65ef2371df256a5a17be5c08a2
dfc4110d62cb9a36f27b2269f3adfa1cee0ee190
17ff4d9f7dd44101544023dcd6554c2280f0cf2c779cb7a1f26717467eea25c7

7d9f52171e286d022e8c2605cab69db7
a2f3ef73dd41348131a4fc83bb269552c50e8a24
91c53eed8ab2e06e46d7e2d2f5fecfa65d29ec4cf9832b3b1690b724a25b10bf

Symantec Norton Antivirus:
--------------------------

05ee29971ad88e895fe3fbb2a931cb64
344724a09b87ebb0901b4a110855840440b5dd35
40494ee480bd1eb946a82d87cdbbad2a55471942b513c7986f1ef07a6a860de8

5aa3942cfb2854ace70434ffbbaf83ad
3b07b9cdbce21fa7c018ffe49ec3e4fb26898e7a
d9b0d079ee5d79d4791aed1465cf2b5cb69e953bfee6b39a51727bab6bfe0562

Panda Antivirus:
----------------

c1ef9b02aa230410db5384b60c43737f
6cdbec98c6b2dae754c835cddfd7510a27d6971d
c7d9e6b1b1a6a99d15bdbc199584a82629b8c2696e052835832c9cdba6575827

a086d36416b40da2556f708ec7839091
4dd0d6efea6335af8b49e76a8629cd575f56917a
9051df4e9eca261e051097a877aa68c3de568e85e24eb70c4424693018f9cbdb

fb2b41a7c8a25c835052ec788250c285
2583a038e47e85a9669f8bb944ccffcf11c21518
eeb614054a4cc99bb4aa3ac4b5f09f74c630a56ca7931a10b54a8f678eb59e67

Sophos Antivirus:
-----------------

ac07ed7520c4ff1ae93be01c2dc0a91b
69f941d81f8ed9d2a21ff7421d8f658b8bdef67a
60471004837929f83c0cd5fa58c51505d0182891b656216b67d2ffa3792371ac

e51333b8106e0cdc7c28e1d360470933
d3ea44047fde6792e0d451404133dfe37c2701ae
8363eb9f3db54839e10edbb5b0f0214425f42a5a67fa7a7f572d161dc6fe4ecb

1e33c49f7c86d23217f46927d17fcf84
75491f057ef1f7b69ef5431bf1a61ad0ff5765e8
68d66831aab022bac9e96e23ba8e1a55b49c392ed54fab9efe0f95d64ddb747c
Cheers,
   Sergio

-- 
Sergio Alvarez
Security, Research & Development
IT Security Consultant
email: shadown at gmail.com

This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure. If you have received
it by mistake please let us know by e-mail immediately and delete it from
your system; should also not copy the message nor disclose its contents to
anyone. Many thanks.


More information about the VIM mailing list