10509 : Multiple Anti-Virus MS-DOS Device Name Scan Bypass
Printer | http://osvdb.org/10509 | Email This | Edit Vulnerability

Views This Week

1

Views All Time

21

Info

Last Modified

7 months ago

Percent Complete

100%

Disclosure

Oct 05, 2004

Discovery

Jun 25, 2004

Dates

Exploit

Oct 05, 2004

Solution

Unknown

Description

Norton AntiVirus contains a flaw that may allow malicious files to bypass scanning. The issue is triggered when malware uses a MS-DOS Device based name such as AUX, CON, PRN, COM1 and LPT1. It is possible that the flaw may allow malware to evade scans resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Unknown
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Symantec has released a patch to address this vulnerability available via LiveUpdate. Furthermore, it is possible to correct the flaw by implementing the following workaround:
1.) Ensure that no local files or directories using reserved MS-DOS device
names exist
2.) Use 'del \.\C:\aux' to delete those files if they exist (e.g. aux)

Products

Symantec Corporation	Norton Antivirus	2003
		2004
		2005

H+BEDV Datentechnik GmbH

AntiVir

6.28

Proland Software

Protector Plus 2000

7.2.F07

FIL Security Laboratory

Twister Anti-TrojanVirus

5.5

References

Security Tracker: 1011544 1011842 1011843 1011844
Secunia Advisory ID: 12734 12870 12893 12894
CVE ID: 2004-0920 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0656.html
Other Advisory URL: http://secway.org/Advisory/Ad20041009.txt
http://www.idefense.com/application/poi/display?id=147&type=vulnerabilities
Vendor URL: http://www.filseclab.com
http://www.hbedv.com
http://www.pspl.com
Vendor Specific Advisory URL: http://www.sarc.com/avcenter/security/Content/2004.10.05.html

Credit

Kurt Seifried - kurtseifried.org -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

User Status

Account
- Login
- Sign-Up

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use