RE: Long path exploit on NTFS

From: Elan Hasson (elanat_private)
Date: Wed Feb 06 2002 - 20:25:12 PST

Next message: Todd Underwood: "Re: Intel.com Mailing List Arbitrary Address Removal Link"

Previous message: Dmitry Guyvoronsky: "Re: Security Advisory - #1"
In reply to: Uidam, T (Tim): "RE: Long path exploit on NTFS"
Next in thread: David Korn: "RE: Long path exploit on NTFS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've had a bit of trouble with messed up file names/paths in Windows XP Pro
(NTFS 5.1)

C:\Documents and Settings\Elan Hasson\My Documents\My Files\To
Burn\CD1\elan\compiled.org\sept11\saved_sites\Thousands' Workaday Scenario
Turned Surreal
(washingtonpost_com)_files\digest;dir=;kw=;pos=top;sz=468x60;tile=1;ord=3952
14103427214200_files\911united468x60.gif

is it. I'm unable to rename/delete/copy/paste/open the file But Explorer
says its 14.2 KB and returns a "Modified Date". I cant attach the file to
this e-mail (i just tried heheh) i can't open it in_ANY_ applications.

I'm not sure on the attachment policy of this list but i did attach the
screen shot of the properties window for this file (ntfs_fucked.JPG). If the
attachment does not go through, feel free to  email me (elanat_private) and
i'll be happy to send it to you.

-----------
Elan Hasson <elanat_private>
		AIM: apiwizard
EFNet: api\

-----Original Message-----
From: Uidam, T (Tim) [mailto:Tim.Uidamat_private]
Sent: Monday, February 04, 2002 10:46 PM
To: 'Fleming, Diane'; 'fhat_private-dresden.de';
'bugtraqat_private'; 'hans.somersat_private'
Subject: RE: Long path exploit on NTFS

No, Mcafee 4.5.1 (scan engine 4.1.60, DAT 4.0.4184) is not vulnberable. Both
realtime scan, and manual scan worked on the deeply nested directories.

-----Original Message-----
From: Fleming, Diane [mailto:dflemingat_private]
Sent: Tuesday, 5 February 2002 11:50
To: 'fhat_private-dresden.de'; bugtraqat_private;
hans.somersat_private
Subject: RE: Long path exploit on NTFS

Any information as to whether or not McAfee Virus Scan 4.x has this
vulnerability?

-----Original Message-----
From: Frank Heyne [mailto:fhat_private-dresden.de]
Sent: Monday, February 04, 2002 1:15 PM
To: bugtraqat_private; hans.somersat_private
Subject: Re: Long path exploit on NTFS

On 4 Feb 2002, at 10:26, Hans Somers wrote:

> Not Vunerable:
> --------------
> *1
>  Sophos Anti-Virus v3.53

This is not true.

According to my own tests, Sophos Anti-Virus v3.53
is unable to find virii in deeply nested NTFS subdirectories on NT 4.

Frank Heyne

==================================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
de afzender direct te informeren door het bericht te retourneren.
==================================================================
The information contained in this message may be confidential
and is intended to be exclusively for the addressee. Should you
receive this message unintentionally, please do not use the contents
herein and notify the sender immediately by return e-mail.

==================================================================

Next message: Todd Underwood: "Re: Intel.com Mailing List Arbitrary Address Removal Link"
Previous message: Dmitry Guyvoronsky: "Re: Security Advisory - #1"
In reply to: Uidam, T (Tim): "RE: Long path exploit on NTFS"
Next in thread: David Korn: "RE: Long path exploit on NTFS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 21:41:24 PST