Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Long path exploit on NTFS
From: "andy " <andy () selekta com>
Date: Thu, 7 Feb 2002 09:53:47 -0500

Trend OfficeScan Corporate Edition
Program Version: 3.54
VSApiNT Version: 5.630-1025
TMFilter Version: 5.630.0.1004
Virus Pattern File #: 220

Tested vulnerable to deeply nested directories.

Payload used: netbus.zip

Full directory path: C:\temp\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890
\123456789012345678\

When the same file was saved to c:\temp, Officescan picked it up 
right away. 

Andy Nowakowski

No, Mcafee 4.5.1 (scan engine 4.1.60, DAT 4.0.4184) is not 
vulnberable. Both
realtime scan, and manual scan worked on the deeply nested 
directories.

-----Original Message-----
From: Fleming, Diane [mailto:dfleming () fnni com] 
Sent: Tuesday, 5 February 2002 11:50
To: 'fh () rcs urz tu-dresden de'; bugtraq () securityfocus com;
hans.somers () hccnet nl
Subject: RE: Long path exploit on NTFS


Any information as to whether or not McAfee Virus Scan 4.x has 
this
vulnerability?

-----Original Message-----
From: Frank Heyne [mailto:fh () rcs urz tu-dresden de]
Sent: Monday, February 04, 2002 1:15 PM
To: bugtraq () securityfocus com; hans.somers () hccnet nl
Subject: Re: Long path exploit on NTFS


On 4 Feb 2002, at 10:26, Hans Somers wrote:

Not Vunerable:
--------------
*1                                   
 Sophos Anti-Virus v3.53

This is not true.

According to my own tests, Sophos Anti-Virus v3.53
is unable to find virii in deeply nested NTFS subdirectories on 
NT 4.



Frank Heyne




==================================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit 
bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken 
en 
de afzender direct te informeren door het bericht te retourneren. 
==================================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the 
contents 
herein and notify the sender immediately by return e-mail.


==================================================================


 

________________________________________________________________
selekta.com


 
                   


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]