| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: uberguidoz at gmail.com (GuidoZ) Subject: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] More useful info on calcs/xcalcs: - http://support.microsoft.com/default.aspx?scid=kb;EN-US;135268 - http://www.ss64.com/nt/cacls.html - http://www.jsiinc.com/SUBH/tip3700/rh3729.htm -- Peace. ~G On Fri, 1 Oct 2004 20:29:19 -0700, GuidoZ <uberguidoz@...il.com> wrote: > I've heard of this before (see following link). I thought it was fixed > in SP1 (maybe it was SP2). I'm probabaly wrong - call it wishful > thinking. There is an interesting page in German about it here: > - http://www.lsg.musin.de/Admin/NT/rechte/die_batch_online_mit_vielen_erkl.htm > > English transation provided by Google is: > - http://translate.google.com/translate?hl=en&sl=de&u=http://www.lsg.musin.de/Admin/NT/rechte/die_batch_online_mit_vielen_erkl.htm&prev=/search%3Fq%3D%2522cacls%2B*.*%2B/T%2B/C%2B/P%2B*:R%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8 > (if the URL wrap bothers you, here's a TinyURL: http://tinyurl.com/6t6lu) > > It doesn't take much to figure out how this could be used to cause > some hell. (Maybe combined with the recent GDI/JPEG exploit? > Downloading a batch file coudl be nasty...) > > - > Peace. ~G > > > > > On Fri, 1 Oct 2004 19:37:49 -0700 (PDT), bipin gautam > <visitbipin@...oo.com> wrote: > > All Antivirus, Trojan, Spy ware scanner, Nested file > > manual scan bypass bugs. [Part IV] > > > > Risk Level: Medium > > Affected Product: (Should be) all Antivirus, Trojan, > > Spy ware scanners for windows. > > > > Description: > > ------------ > > > > A malicious code can reside in a computer (with users > > privilage) bypassing "manual scans" of any > > Antivirus, Trojan & Spy ware scanners by simply > > issuing this command to itself. > > > > cacls hUNT.exe /T /C /P dumb_user:R > > > > ...this is only due to the design fault in Microsoft > > Windows, the way it handles NTFS permission.By this > > way... any software's with even Admin./SYSTEM > > privilege can't access this file (hUNT.exe) normally > > because the only person who has normal access to this > > file is "dumb_user" > > > > No wonder, there are several false assumptions in > > windows security configuration as well, when a JOE > > administrator could permenantly lock himself up in his > > own machine. > > > > regards, > > Bipin Gautam > > http://www.geocities.com/visitbipin > > > > Disclaimer: The information in the advisory is > > believed to be accurate at the time of printing based > > on currently available information. Use of the > > information constitutes acceptance for use in an AS IS > > condition. There are no warranties with regard to this > > information. Neither the author nor the publisher > > accepts any liability for any direct, indirect or > > consequential loss or damage arising from use of, or > > reliance on this information. > > > > __________________________________ > > Do you Yahoo!? > > Yahoo! Mail - 50x more storage than other providers! > > http://promotions.yahoo.com/new_mail > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > >
Powered by blists - more mailing lists