[24216] in bugtraq
RE: Long path exploit on NTFS
daemon@ATHENA.MIT.EDU (andy)
Sat Feb 9 01:33:45 2002
Date: Thu, 7 Feb 2002 09:53:47 -0500
Message-Id: <200202070953.AA20447472@selekta.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "andy " <andy@selekta.com>
Reply-To: <andy@selekta.com>
To: <bugtraq@securityfocus.com>
Trend OfficeScan Corporate Edition
Program Version: 3.54
VSApiNT Version: 5.630-1025
TMFilter Version: 5.630.0.1004
Virus Pattern File #: 220
Tested vulnerable to deeply nested directories.
Payload used: netbus.zip
Full directory path: C:\temp\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890
\1234567890\1234567890\1234567890\1234567890\1234567890
\123456789012345678\
When the same file was saved to c:\temp, Officescan picked it up
right away.
Andy Nowakowski
>No, Mcafee 4.5.1 (scan engine 4.1.60, DAT 4.0.4184) is not
vulnberable. Both
>realtime scan, and manual scan worked on the deeply nested
directories.
>
>-----Original Message-----
>From: Fleming, Diane [mailto:dfleming@fnni.com]
>Sent: Tuesday, 5 February 2002 11:50
>To: 'fh@rcs.urz.tu-dresden.de'; bugtraq@securityfocus.com;
>hans.somers@hccnet.nl
>Subject: RE: Long path exploit on NTFS
>
>
>Any information as to whether or not McAfee Virus Scan 4.x has
this
>vulnerability?
>
>-----Original Message-----
>From: Frank Heyne [mailto:fh@rcs.urz.tu-dresden.de]
>Sent: Monday, February 04, 2002 1:15 PM
>To: bugtraq@securityfocus.com; hans.somers@hccnet.nl
>Subject: Re: Long path exploit on NTFS
>
>
>On 4 Feb 2002, at 10:26, Hans Somers wrote:
>
>> Not Vunerable:
>> --------------
>> *1
>> Sophos Anti-Virus v3.53
>
>This is not true.
>
>According to my own tests, Sophos Anti-Virus v3.53
>is unable to find virii in deeply nested NTFS subdirectories on
NT 4.
>
>
>
>Frank Heyne
>
>
>
>
>==================================================================
>De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
>is uitsluitend bestemd voor de geadresseerde. Indien u dit
bericht
>onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken
en
>de afzender direct te informeren door het bericht te retourneren.
>==================================================================
>The information contained in this message may be confidential
>and is intended to be exclusively for the addressee. Should you
>receive this message unintentionally, please do not use the
contents
>herein and notify the sender immediately by return e-mail.
>
>
>==================================================================
>
>
________________________________________________________________
selekta.com
