Bugtraq mailing list archives
Re: SECURITY.NNOV: special devices access in multiple archivers
From: Andreas Marx <amarx () gega-it de>
Date: Fri, 10 Aug 2001 19:07:03 +0200
Hi,
Thats not entirely true, you can easily add such files using other Operating systems, that do not suffer from defective or braindead filename conventions. Zip archiving tools are available for a wide variety of unix systems, which allow creation and adding of files like NUL.EXE flawlessly ;)
OK, yes, you can add such files under Linux, for example. However, there is no solution (as far as I know) to add files like "../../test.exe", right? Paths with "normal" subdirs causes no problems (neither under Windows nor other OS). That was the major reason why we used a disk editor and not simply Linux.
The testing of Windows based Antivirus products has to be done within windows. Although i would run them inside vmware or similar virtual boxen.
We used plain vanilla windows (why vmware?).
Did you also test Unix based virus scanners? there are quite a few AV Products that have scanners running on Unix.
This was the reason why my answer is late - after we found that the desktop products passed the test very well, we tried Linux-based products as well as Notes (NT) and Exchange products (NT) - together 23 different. In the default configuration, no program we have tested was vulnerable. Only in some special cases (very unlikely, but possible) and only in "integrated" products (all tested av-only software works fine) that uses external archivers the ".." bug exists.
This is really critical, but we have notified the producers and I'll post more info's about this issue when a fix is released. Again: This bug can be exploited only in very, very unlikely situations. (It's not a useful configuration at all.)
But it is possible - and this is a really dangerous issue, since the programs with this problems runs at root or system service with admin rights... (even the extraction programs) - it's trivial to replace a file on the server ( /etc/passwd or /etc/shadow as well as win.ini) for example - to get root or change (overwrite) the configuration of the programs.
An advisory will be released some days after the bugs were fixed - I expect it next week.
cheers, Andreas NEW: Notes 4/5 + Exchange 5.5/2000 AV Test -> http://www.av-test.org -- Andreas Marx <amarx () gega-it de>, http://www.av-test.de GEGA IT-Solutions GbR, Klewitzstr. 7, 39112 Magdeburg, Germany Tel: 0391/6075466, Mobil: 0177/6133033, Fax: 0391/6075469
Current thread:
- Re: SECURITY.NNOV: special devices access in multiple archivers Andreas Marx (Aug 02)
- Message not available
- Re: SECURITY.NNOV: special devices access in multiple archivers Andreas Marx (Aug 03)
- Re: SECURITY.NNOV: special devices access in multiple archivers Juergen P. Meier (Aug 05)
- Re: SECURITY.NNOV: special devices access in multiple archivers Andreas Marx (Aug 10)
- Re: SECURITY.NNOV: special devices access in multiple archivers Andreas Marx (Aug 03)
- Message not available