Full Disclosure mailing list archives
Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]
From: GuidoZ <uberguidoz () gmail com>
Date: Fri, 1 Oct 2004 20:37:25 -0700
More useful info on calcs/xcalcs: - http://support.microsoft.com/default.aspx?scid=kb;EN-US;135268 - http://www.ss64.com/nt/cacls.html - http://www.jsiinc.com/SUBH/tip3700/rh3729.htm -- Peace. ~G On Fri, 1 Oct 2004 20:29:19 -0700, GuidoZ <uberguidoz () gmail com> wrote:
I've heard of this before (see following link). I thought it was fixed in SP1 (maybe it was SP2). I'm probabaly wrong - call it wishful thinking. There is an interesting page in German about it here: - http://www.lsg.musin.de/Admin/NT/rechte/die_batch_online_mit_vielen_erkl.htm English transation provided by Google is: - http://translate.google.com/translate?hl=en&sl=de&u=http://www.lsg.musin.de/Admin/NT/rechte/die_batch_online_mit_vielen_erkl.htm&prev=/search%3Fq%3D%2522cacls%2B*.*%2B/T%2B/C%2B/P%2B*:R%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8 (if the URL wrap bothers you, here's a TinyURL: http://tinyurl.com/6t6lu) It doesn't take much to figure out how this could be used to cause some hell. (Maybe combined with the recent GDI/JPEG exploit? Downloading a batch file coudl be nasty...) - Peace. ~G On Fri, 1 Oct 2004 19:37:49 -0700 (PDT), bipin gautam <visitbipin () yahoo com> wrote:All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] Risk Level: Medium Affected Product: (Should be) all Antivirus, Trojan, Spy ware scanners for windows. Description: ------------ A malicious code can reside in a computer (with users privilage) bypassing "manual scans" of any Antivirus, Trojan & Spy ware scanners by simply issuing this command to itself. cacls hUNT.exe /T /C /P dumb_user:R ...this is only due to the design fault in Microsoft Windows, the way it handles NTFS permission.By this way... any software's with even Admin./SYSTEM privilege can't access this file (hUNT.exe) normally because the only person who has normal access to this file is "dumb_user" No wonder, there are several false assumptions in windows security configuration as well, when a JOE administrator could permenantly lock himself up in his own machine. regards, Bipin Gautam http://www.geocities.com/visitbipin Disclaimer: The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information. __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] GuidoZ (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] GuidoZ (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 01)
- <Possible follow-ups>
- All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] 3APA3A (Oct 02)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re: (confirm) Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re: (confirm) Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re[2]: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] 3APA3A (Oct 02)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] 3APA3A (Oct 02)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] GuidoZ (Oct 01)