| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Oct 2004 21:57:06 +0800 From: "Sowhat ." <smaillist@...il.com> To: bugtraq@...urityfocus.com Subject: Mutiple AntiVirus Reserved Device Name Handling Vulnerability Mutiple AntiVirus Reserved Device Name Handling Vulnerability Author:Sowhat Date:October,9th,2004 http://secway.org/Advisory/Ad20041009.txt Vendor: AntiVir www.hbedv.com Twister www.filseclab.com Protector plus 2000 www.pspl.com Overview: As many popular AV's "Reserved Device Name Handling Vulnerability" were reported, i have tested this well known bugz with some others for fun :) There are still 3 leaving for me ,tested with the lastest or the most popular version. Descritption: Exploitation of this design vulnerability in these AntiVirus products could allow malicious code to evade detection. The problem is that during the automatic and manual scans,these Avs dont consistently scan the files and directories named as reserved MS-DOS devices, such as AUX, CON, PRN, COM1 and LPT1 etc. When these Avs scan the files and folders named with Reserved Device Name, they will fail to detect and report the malicious code,then they can avoid detection. This vulnerablity is exactly as the Symantec's so,if you want to see more information , just google "Symantec Security Advisory SYM04-015" || "iDEFENSE Security Advisory 10.05.04b" WorkAround: Delelte all the files and folders named with Reserved Device Name. Vendor Status: I have contacted all 3 vendors,only Twister replied and they will fixed it in the next release. CREDIT: Sowhat 0f the ITS Security Research Team Sowhat[0x40]secway[0x2e]org
Powered by blists - more mailing lists