Bugtraq mailing list archives

RE: Long path exploit on NTFS


From: "andy " <andy () selekta com>
Date: Thu, 7 Feb 2002 09:53:47 -0500

Trend OfficeScan Corporate Edition
Program Version: 3.54
VSApiNT Version: 5.630-1025
TMFilter Version: 5.630.0.1004
Virus Pattern File #: 220

Tested vulnerable to deeply nested directories.

Payload used: netbus.zip

Full directory path: C:\temp\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890
\123456789012345678\

When the same file was saved to c:\temp, OfficeScan picked it up right away.

Andy Nowakowski

No, McAfee 4.5.1 (scan engine 4.1.60, DAT 4.0.4184) is not vulnerable. Both
realtime scan and manual scan worked on the deeply nested directories.

-----Original Message-----
From: Fleming, Diane [mailto:dfleming () fnni com] 
Sent: Tuesday, 5 February 2002 11:50
To: 'fh () rcs urz tu-dresden de'; bugtraq () securityfocus com;
hans.somers () hccnet nl
Subject: RE: Long path exploit on NTFS


Any information as to whether or not McAfee Virus Scan 4.x has this
vulnerability?

-----Original Message-----
From: Frank Heyne [mailto:fh () rcs urz tu-dresden de]
Sent: Monday, February 04, 2002 1:15 PM
To: bugtraq () securityfocus com; hans.somers () hccnet nl
Subject: Re: Long path exploit on NTFS


On 4 Feb 2002, at 10:26, Hans Somers wrote:

Not Vulnerable:
--------------
*1                                   
 Sophos Anti-Virus v3.53

This is not true.

According to my own tests, Sophos Anti-Virus v3.53
is unable to find viruses in deeply nested NTFS subdirectories on NT 4.



Frank Heyne



