[24032] in bugtraq
Betr.: Long path exploit on NTFS
daemon@ATHENA.MIT.EDU (Remko Catersels)
Wed Jan 30 14:52:34 2002
To: hans.somers@nl.abnamro.com
Cc: bugtraq@securityfocus.com
MIME-Version: 1.0
Message-ID: <OF37523027.990B2033-ONC1256B51.005ADFD3@LocalDomain>
From: "Remko Catersels" <Remko.Catersels@asr.nl>
Date: Wed, 30 Jan 2002 17:40:53 +0100
Content-Type: text/plain; charset="us-ascii"
> Long path exploit on NTFS
> =====================
> The filesystem NTFS seems to be a hiding place for virusses if you use a
file path which
> exceeds 256 charaters.
McAfee Virusscan V4.5.1 running on NT4.0 SP6a seems vulnerable to the same
trick.
Virusscan found eicar1 but not eicar2. Worst thing is, it just silently
stopped (no error it couldn't go 'deeper') and claimed there where no more
infected items.
--
Remko Catersels Remko.Catersels@asr.nl
Security Specialist (BOFH) A.S.R. Verzekeringsgroep N.V.
CC WHILS +31 - (0)10 - 401 3273
Security isn't easy, nor is it something that you can bolt onto a product
after the fact.
-- Bruce Schneider.
***********************DISCLAIMER***********************
Deze e-mail is uitsluitend bestemd voor de geadresseerde(n).
Verstrekking aan en gebruik door anderen is niet toegestaan.
AMEV Stad Rotterdam Verzekeringsgroep (ASR) N.V. sluit
iedere aansprakelijkheid uit die voortvloeit uit
elektronische verzending.
This e-mail is intended exclusively for the addressee(s),
and may not be passed on to, or made available for use
by any person other than the addressee(s).
AMEV Stad Rotterdam Verzekeringsgroep (ASR) N.V.
rules out any and every liability resulting from any
electronic transmission.
********************************************************
