Bugtraq mailing list archives
RE: Long path exploit on NTFS
From: David Korn <dkorn () pixelpower com>
Date: Thu, 7 Feb 2002 11:25:48 -0000
-----Original Message-----
From: David Sexton [mailto:dave.sexton () sapphire net]
Sent: 05 February 2002 09:14
To: 'fh () rcs urz tu-dresden de'; bugtraq () securityfocus com; hans.somers () hccnet nl
Subject: RE: Long path exploit on NTFS

Err.. I beg to differ:

SWEEP virus detection utility
Version 3.54, Monday, February 04, 2002

<delurk>

I notice you're using 3.54 rather than 3.53, so I've confirmed the same result for 3.53 (Release data 7 Jan 02, engine v2.7), using the batch file posted here earlier (although I changed the subst drive letter from Q to Z because I already had a Q drive). It would be interesting if Frank could describe the methodology he used, as the phrase "According to my own tests" suggests he was not using the same script.

The machine in question has NT4 SP6, in case anyone was wondering whether that was what caused the difference between David's results and Frank's.

SWEEP virus detection utility
Version 3.53, 07 January 2002
Includes detection for 71212 viruses, trojans and worms
Copyright © 1989, 2001, Sophos Plc, www.sophos.com

Info: Immediate job started by [REDACTED] at 11:14 on 07 February 2002

Items to be swept:
"All Master Boot Sectors"
Drive C: Sector 0
C:\temp\*.* and all subfolders

Scanning options:
Full mode, including archive files, excluding off-line files

Sweeping:
Disk 80 Cylinder 0 Head 0 Sector 1
Drive C: Sector 0
C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\12
34567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1
234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\1
234567890...\EICAR.TXT
Virus: 'EICAR-AV-Test' detected in
C:\TEMP\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\12345
6~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\
123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\EICAR.TXT
No action taken
C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\12
34567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1
234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\1
234567890...\EICAR2.COM
Virus: 'EICAR-AV-Test' detected in
C:\TEMP\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\12345
6~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\
123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\EICAR2.COM
No action taken
C:\TEMP\trb95.tmp
C:\TEMP\cw50temp.000
C:\TEMP\~DFC3C0.tmp
C:\TEMP\trb53E.tmp
C:\TEMP\trb540.tmp
C:\TEMP\trb542.tmp
C:\TEMP\trb821.tmp
C:\TEMP\~DFC3C1.tmp

Info: Immediate job completed at 11:14 on 07 February 2002
12 items swept, 2 viruses detected, 0 errors

DaveK
--
Burn your ID card! http://www.optional-identity.org.uk/
Help support the campaign, copy this into your .sig!

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************