Message-ID: <200410070159.i971xI321643@netsys.com>
From: randallm at fidmail.com (RandallM)
Subject: RE: Full-Disclosure digest, Vol 1 #1955 - 19 msgs

<|>--__--__--
<|>
<|>Message: 14
<|>Date: Wed, 6 Oct 2004 15:53:32 -0700
<|>From: GuidoZ <uberguidoz@...il.com>
<|>Reply-To: GuidoZ <uberguidoz@...il.com>
<|>To: full-disclosure@...ts.netsys.com
<|>Subject: [Full-Disclosure] Quick JPEG/GDI test & fix (timesaver)
<|>
<|>Hello list,
<|>
<|>I wrote a very simple program/batch file that tests for the JPEG
<|>exploit, then if affected, provides instructions on how to patch the
<|>exploit. It has been tested on my own lil happy lab network, as well
<|>as on one network where I'm a sysadmin. (Tested on Windows XP Home
<|>and Pro, SP1a and SP2.)
<|>
<|>It DOES test for the exploit by attempting to use an "infected" JPG
<|>which downloads the instructions for fixing it, if exploited. By
<|>viewing the strings in the JPG, you can see the file it downloads and
<|>check it out for yourself. It's clean. =) Just contains a batch file
<|>and a program to launch the batch file. (The file that gets downloaded
<|>is a simple SFX.) Links are below. It contains a warning saying it's
<|>about to try to exploit the system and to save data in open programs.
<|>(It also warns that Explorer may crash.)
<|>
<|>I wrote this merely to save myself time and allow friends/family to
<|>test their own systems, then patch them without having to call me for
<|>help. It's not been tested in every environment and in every scenario.
<|>If you find a problem, feel free to email me (exploit _AT_ guidoz
<|>_DOT_ com) Obviously I'm not responsible if it's abused somehow, or if
<|>it breaks something, etc. Feel free to modify it to suit your own
<|>needs, but use it at your own risk.
<|>
<|>Test can be downloaded from here: http://www.guidoz.com/exploit-test.exe
<|>
<|>Again, it's just an SFX archive with a batch file. Hopefully it will
<|>save someone else some time. I've used it to have friends/family (and
<|>a few clients) patch a total of around 30 machines without problems.
<|>
<|>--
<|>Peace. ~G
<|>
<|>
<|>--__--__--
<|>
<|>End of Full-Disclosure Digest
<|>

Well, guess I'm safe. McAfee saw it as "Exploit-MntRedir.gen" and said...NO!
I googled it and it found nothing though. Thought it would at least lead me
to McAfee. McAfee search said: 

"We found no records matching the following criteria:
Virus name containing "MntRedir.gen".
Please try narrowing your search by using fewer characters".

What gives?

thank you
Randall M

