Bugtraq mailing list archives

Re: Security Hole in Axent ESM


From: bert_driehuis () NL COMPUWARE COM (Bert Driehuis)
Date: Sat, 29 Aug 1998 22:44:12 +0200


On Fri, 28 Aug 1998, Mark (Mookie) wrote:

> > ESM does not only look at CRC's to verify if a file is genuine.  It also looks
> > at the timestamps; both the m-time and the c-time.  m-times are easy to change,
> > c-times are a lot harder and leave a trace.

[snip]

> This doesn't leave a trace. There are numerous other programs to completely
> replace all timestamps as normal, undetected. Technology has come a long way
> since the above was written.

This is why BSD/OS since version 3.0 disallows setting the clock
backwards when running at normal securelevel. I think more operating
systems need that feature. Subverting timestamps in these environments
becomes much harder.

Cheers,

                                        -- Bert

Bert Driehuis, MIS -- bert_driehuis () nl compuware com -- +31-20-3116119
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
                -- Benjamin Franklin.
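
The check discussed in this thread, as an added example that is not part of the original post and is not ESM's code: a baseline comparison that records a digest plus m-time and c-time and reports which of the three moved. SHA-256 stands in for ESM's CRC, and `Record`, `snapshot` and `compare` are names chosen here.

```python
"""Baseline file check: digest plus m-time and c-time (added example)."""
import hashlib
import os
from typing import NamedTuple


class Record(NamedTuple):
    sha256: str
    mtime_ns: int
    ctime_ns: int


def snapshot(path):
    """Record a strong digest and both timestamps for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return Record(h.hexdigest(), st.st_mtime_ns, st.st_ctime_ns)


def compare(base, now):
    """Return (set of changed field names, verdict string)."""
    changed = {f for f in Record._fields if getattr(base, f) != getattr(now, f)}
    if not changed:
        return changed, "unchanged"
    if "sha256" not in changed:
        # chmod, chown, rename or a touch: the inode changed, the data did not.
        return changed, "metadata-only change"
    if changed == {"sha256"}:
        # utimes() cannot set c-time, so matching timestamps on changed
        # content mean the system clock or the raw disk was manipulated.
        # Only the digest caught it, which is the point made in the thread.
        return changed, "content changed, both timestamps match baseline"
    if "mtime_ns" not in changed:
        # m-time was put back afterwards; the c-time update gives it away.
        return changed, "content changed, m-time restored"
    return changed, "content changed"


if __name__ == "__main__":
    # Constructed records, not taken from a real system.
    base = Record("a" * 64, 904_000_000 * 10**9, 904_000_000 * 10**9)
    print(compare(base, base._replace(sha256="b" * 64)))
    print(compare(base, base._replace(sha256="b" * 64, ctime_ns=base.ctime_ns + 1)))
```

On Unix `st_ctime` is the inode change time; on Windows it is the creation time, so the c-time branch only applies to Unix-like systems.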


