RE: Long path exploit on NTFS

From: andy (andyat_private)
Date: Thu Feb 07 2002 - 06:53:47 PST

Next message: Support Info: "Security Update [CSSA-2002-002.0] Linux - Remote exploit against mutt"

Previous message: Stuart Moore: "another hanterm exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Trend OfficeScan Corporate Edition
Program Version: 3.54
VSApiNT Version: 5.630-1025
TMFilter Version: 5.630.0.1004
Virus Pattern File #: 220

Tested vulnerable to deeply nested directories.

Payload used: netbus.zip

Full directory path: C:\temp\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890
\123456789012345678\

When the same file was saved to c:\temp, Officescan picked it up 
right away. 

Andy Nowakowski

>No, Mcafee 4.5.1 (scan engine 4.1.60, DAT 4.0.4184) is not 
vulnberable. Both
>realtime scan, and manual scan worked on the deeply nested 
directories.
>
>-----Original Message-----
>From: Fleming, Diane [mailto:dflemingat_private] 
>Sent: Tuesday, 5 February 2002 11:50
>To: 'fhat_private-dresden.de'; bugtraqat_private;
>hans.somersat_private
>Subject: RE: Long path exploit on NTFS
>
>
>Any information as to whether or not McAfee Virus Scan 4.x has 
this
>vulnerability?
>
>-----Original Message-----
>From: Frank Heyne [mailto:fhat_private-dresden.de]
>Sent: Monday, February 04, 2002 1:15 PM
>To: bugtraqat_private; hans.somersat_private
>Subject: Re: Long path exploit on NTFS
>
>
>On 4 Feb 2002, at 10:26, Hans Somers wrote:
>
>> Not Vunerable:
>> --------------
>> *1  					
>>  Sophos Anti-Virus v3.53
>
>This is not true.
>
>According to my own tests, Sophos Anti-Virus v3.53
>is unable to find virii in deeply nested NTFS subdirectories on 
NT 4.
>
>
>
>Frank Heyne
>
>
>
>
>==================================================================
>De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
>is uitsluitend bestemd voor de geadresseerde. Indien u dit 
bericht 
>onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken 
en 
>de afzender direct te informeren door het bericht te retourneren. 
>==================================================================
>The information contained in this message may be confidential 
>and is intended to be exclusively for the addressee. Should you 
>receive this message unintentionally, please do not use the 
contents 
>herein and notify the sender immediately by return e-mail.
>
>
>==================================================================
>
>
 

________________________________________________________________
selekta.com

Next message: Support Info: "Security Update [CSSA-2002-002.0] Linux - Remote exploit against mutt"
Previous message: Stuart Moore: "another hanterm exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 22:08:44 PST