lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAANASp/bip1hHgg1O1cfiAEPCgAAAEAAAAMyBTt25hthMk9oKnYPFB7kBAAAAAA==@online.gateway.strangled.net>
Date: Wed Nov 16 04:37:42 2005
From: aditya.deshmukh at online.gateway.strangled.net (Aditya Deshmukh)
Subject: Re: [xfocus-AD-051115]Multiple antivirus
	failedto scan malicous filename bypass vulnerability

> axo>   Demonstration here:
> axo>   Choose a malicious file which would be detected, such as nc.exe,
> axo>   rename the file as nc??.exe (?? =Hex C0 D7 BA DC)
> axo>   Because these special names are unable directly to input, so if you
> axo>   want to run these file, you should use the following way:
> axo>   Uses the MS-DOS name specification, we can operate  file with
Open?
> axo>   Read?Write? and duplicate?

> That means that if the user clicks on it using explorer.exe or
> iexplorer.exe the file won't be executed because even Microsoft
> Windows explorer is unable to parse the file?
 
It will be executed because the if windows is not able to 
Access the long file name then short file name is used to 
Access the file in +x or execute mode...


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ