lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: visitbipin at yahoo.com (bipin gautam)
Subject: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]

--- GuidoZ <uberguidoz@...il.com> wrote:

> I've heard of this before (see following link). I
> thought it was fixed
> in SP1 (maybe it was SP2). I'm probabaly wrong -
> call it wishful
> thinking. There is an interesting page in German
> about it here:
>  -
>
http://www.lsg.musin.de/Admin/NT/rechte/die_batch_online_mit_vielen_erkl.htm
> 
> English transation provided by Google is:
>  -
>
http://translate.google.com/translate?hl=en&sl=de&u=http://www.lsg.musin.de/Admin/NT/rechte/die_batch_online_mit_vielen_erkl.htm&prev=/search%3Fq%3D%2522cacls%2B*.*%2B/T%2B/C%2B/P%2B*:R%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8
> (if the URL wrap bothers you, here's a TinyURL:
> http://tinyurl.com/6t6lu)
> 
> It doesn't take much to figure out how this could be
> used to cause
> some hell. (Maybe combined with the recent GDI/JPEG
> exploit?
> Downloading a batch file coudl be nasty...)


No man... the url you provide seem to speak a
different thing! (O; Look closely; 

 And ya, i tested in Winxp sp2.
Note: If the scanner is unable to drop the privilege
and run under the security content of "dumb_user"...
the auto-protect engine will also fail to stop a
malicious code from executing. Mostly, a user's HOME
directory *only accessible* by the by the particular
user... cauz mostly* permission is set in a way he/she
is only the owner of that directory. In that case, if
a malicious code gets copied in desktop (inside home
directory, or the directory that's only* accessible by
the user) the auto-protect engine will also fail to
stop a malicious code execution.  

bipin


		
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com


Powered by blists - more mailing lists