[15380] in bugtraq
Re: Vulnerabilities in Norton Antivirus for Exchange
daemon@ATHENA.MIT.EDU (Chris Timmons)
Fri Jun 16 15:45:04 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <NFEDJPPKHJCBJDPPBLJNMEGGCCAA.chris-timmons@home.com>
Date: Thu, 15 Jun 2000 22:38:59 -0400
Reply-To: Chris Timmons <chris-timmons@HOME.COM>
From: Chris Timmons <chris-timmons@HOME.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3947F2D8.18900.89F003@localhost>
This sounds like it is linked to the same problem that I mentioned in
NTBugtraq and to Microsoft for the last little while. I bet you dollars to
donuts it is the Explorer shell crashing and everything in the same thread.
(MSRC 175)
>2. Buffer Overrun in the NavExchange unzip engine
>Because an e-mail message could contain an attachment which is a .zip
file,>
>and members of the .zip archive might contain viruses, NavExchange includes
>a component for unzipping files. This component contains a buffer overrun
>when the .zip attachment contains long file names.
>On 5/15/00, a message was posted to Bugtraq publishing a vulnerability in
>Eudora concerning .zip attachments with long file names. An attachment was
>included to illustrate the problem. This attachment caused a NavExchange
>failure, indicating that NavExchange suffers from the same problem.
>The message in question has Message-ID
><002801bfbe6c$eccd5bd0$0100a8c0@ultor> from Ultor <Ultor@HERT.ORG>,
subject:
>Eudora Pro & Outlook Overflow - too long filenames again
mpacts fall into three grades of severity:
>A) Entry Mechanism for viruses
>A virus "armored" inside of a .zip attachment with long file names is
>virtually guaranteed to be able to slip through NavExchange and reach the
>recipient. In this case the system administrator will have an Event Log
>message noting the failure, but may not realize the implications. Many NT
>systems have no method of explicitly notifying the system administrator
when
>Event Log messages of a particular kind occur, and indeed the whole Event
>Log mechanism typically requires dilligence on the part of the system
>administrator to scan these logs manually. Since such an armored e-mail
>message could arrive overnight or on a weekend, there is more than
sufficent
>time for the message to trigger an infection before the Event Log message
is
>noticed.
