Bugtraq mailing list archives
Re: Vulnerabilities in Norton Antivirus for Exchange
From: chris-timmons () HOME COM (Chris Timmons)
Date: Thu, 15 Jun 2000 22:38:59 -0400
This sounds like it is linked to the same problem that I mentioned in NTBugtraq and to Microsoft for the last little while. I bet you dollars to donuts it is the Explorer shell crashing and everything in the same thread. (MSRC 175)
2. Buffer Overrun in the NavExchange unzip engine
Because an e-mail message could contain an attachment which is a .zip file, and members of the .zip archive might contain viruses, NavExchange includes a component for unzipping files. This component contains a buffer overrun when the .zip attachment contains long file names.
On 5/15/00, a message was posted to Bugtraq publishing a vulnerability in Eudora concerning .zip attachments with long file names. An attachment was included to illustrate the problem. This attachment caused a NavExchange failure, indicating that NavExchange suffers from the same problem.
The message in question has Message-ID <002801bfbe6c$eccd5bd0$0100a8c0@ultor> from Ultor <Ultor () HERT ORG>,
subject: Eudora Pro & Outlook Overflow - too long filenames again
Impacts fall into three grades of severity:
A) Entry Mechanism for viruses
A virus "armored" inside of a .zip attachment with long file names is virtually guaranteed to be able to slip through NavExchange and reach the recipient. In this case the system administrator will have an Event Log message noting the failure, but may not realize the implications. Many NT systems have no method of explicitly notifying the system administrator when Event Log messages of a particular kind occur, and indeed the whole Event Log mechanism typically requires diligence on the part of the system administrator to scan these logs manually. Since such an armored e-mail message could arrive overnight or on a weekend, there is more than sufficient time for the message to trigger an infection before the Event Log message is noticed.
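
An added example, not part of the original post and not vendor code: a pre-scan gate that reads the file-name lengths declared in a .zip attachment and quarantines the message, instead of handing it to an unzip engine, when a name is over a limit or the archive cannot be parsed. The 255-byte limit, the function names and the sample archives are assumptions made for illustration.

```python
import io
import struct
import zipfile

MAX_NAME = 255  # assumed policy limit, not a value from the advisory

def long_names(data, limit=MAX_NAME):
    """Return declared name lengths over `limit`; ValueError if unparseable."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    hits = []
    for _ in range(count):
        if pos + 46 > len(data) or data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("corrupt central directory entry")
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        (local,) = struct.unpack_from("<I", data, pos + 42)
        if local + 30 > len(data) or data[local:local + 4] != b"PK\x03\x04":
            raise ValueError("corrupt local file header")
        # A scanner may trust either copy of the length, so check both.
        (local_nlen,) = struct.unpack_from("<H", data, local + 26)
        worst = max(nlen, local_nlen)
        if worst > limit:
            hits.append(worst)
        pos += 46 + nlen + xlen + clen
    return hits

def gate(data, limit=MAX_NAME):
    """Pre-scan decision: 'scan' or 'quarantine', with a reason."""
    try:
        hits = long_names(data, limit)
    except (ValueError, struct.error) as exc:
        return "quarantine", f"unparseable archive: {exc}"  # fail closed
    if hits:
        return "quarantine", f"{len(hits)} name(s) over {limit} bytes"
    return "scan", "all names within limit"

def sample(names):
    """Constructed in-memory archive used only to exercise the gate."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()

CLEAN = sample(["readme.txt"])
LONG = sample(["readme.txt", "A" * 300 + ".txt"])
```

The gate fails closed: a message whose archive cannot be walked is held, so a scanner failure cannot turn into silent delivery.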