lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 11 Mar 2004 07:48:00 -0600
From: Sym Security <symsecurity@...antec.com>
To: bugtraq@...urityfocus.com
Subject: Re:  Norton AntiVirus 2002 fails to scan files with ... [2'nd... UPDATED]  Message-ID: 20040306040833.28300


In Response to:

Norton AntiVirus 2002 fails to scan files with ... [2'nd... UPDATED] 
Date:  Mar 6 2004 4:08AM 
Author:  Bipin Gautam. <door_hunt3r blackcodemail com> 
Message-ID:  <20040306040833.28300.qmail@....securityfocus.com> 

Bipin Gautam submitted:
 
 
        In-Reply-To: <20040305183533 17369 qmail www securityfocus com>

        Subject: Norton Antivirus 2002  fails to scan files with special 
character(s) properly.
        Published: Friday, 05 March, 2004
        Updated: 06-Mar-04
        Discovered By: Bipin Gautam ( hUNT3R )
        Product Version: Norton Antivirus 2002 [ ver: 8.00.58 ] (~Only 
tested On...~)
        Risk Impact: Low-Medium

        *   *   *
        Details: 

        During a 'manual scan' of a folder, if Norton Antivirus (NAV) 
encounters a file /folder
        name with 'some'  ASCII characters ( 1-31) NAV can't further 
proceed the manual
        scan and its front-end 'NAVW32.exe' crashes! This Bug has no 
impact in the
        NAV Auto-Protect Engine.

        Exploit 1). : http://www.geocities.com/visitbipin/test_nav.zip
        Create a folder (say: '!' ) and put some sub-folders and files in 
it. The file/sub-
        folder name must contain  ASCII character(s)  ( 1-31) . Have a 
manual scan of
        the folder named '!' NAV can't  proceed the scan and crashes!

        Exploit 2). : Run this batch script, first and make sure you have 
95 sub-folders inside
 
-------------------------snip------------------------------------------------------------
 
SymSecurity Response:

Bipin Gautam posted two issues he found in an early build version of 
Symantec Norton AntiVirus 2002.

Symantec engineers did test both issues against current Symantec AntiVirus 
products.  The results of our testing shows that currently supported and 
up-to-date versions of Symantec AntiVirus products, to include Symantec 
Norton AntiVirus 2002, fully protect our customers against either of these 
issues.

Symantec takes the security and proper functionality of its products very 
seriously. As founding members in the Organization for Internet Safety, 
Symantec follows the process of responsible disclosure. 

Symantec Product Security Contact Information:
Anyone with information on potential or actual security issues with 
Symantec products should contact symsecurity@...antec.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ