From: mfratto at nwc.com (Mike Fratto)
Subject: Sidewinder G2 

I love a challenge.

> proven it hasn't been compromised.  If someone can prove 
> they've broken through one OTHER than through the stupidity 
> of someone configuring a rule wrong, I'd sure love to hear 
> about it.  

This wasn't a root level attack on the Sidewinder host, but an attack
through it via the transparent HTTP application proxy.

Basically, version 4.1 failed to actually do HTTP syntax checking, making
the HTTP proxy a generic proxy in function. So all the HTTP protocol
violation style attacks weren't blocked at all. Proved it using tools off
packetstorm. Told SCC about it and proved it to them as well. Then they
verified the problem and issued a patch some months later.

Make sure those protection features are actually doing what they claim,
folks.

http://www.networkcomputing.com/1106/1106f16.html?ls=NCJS_1106rt

mike
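
Added example, not part of the original message and not Sidewinder's code: a sketch of the kind of syntax check an HTTP application proxy is expected to apply to a request head before forwarding it, run over constructed inputs. The method allow-list, the host name and the sample requests are assumptions made for illustration.

```python
import re

TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 9110 token characters
VERSION = re.compile(rb"HTTP/1\.[01]")
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}  # assumed site policy, not from the post

def check_request_head(raw):
    """Return the syntax violations in an HTTP/1.x request head; an empty list means it passes."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["head not terminated by CRLF CRLF"]
    lines = head.split(b"\r\n")
    problems = []
    if any(b"\r" in l or b"\n" in l for l in lines):
        problems.append("bare CR or LF inside a line")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return problems + ["request line is not 'method SP target SP version'"]
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        problems.append("method not allowed")
    if not target or any(b <= 0x20 or b >= 0x7F for b in target):
        problems.append("control or non-ASCII byte in request target")
    if not VERSION.fullmatch(version):
        problems.append("bad HTTP version")
    names = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.fullmatch(name):  # also rejects folded lines and "Name :"
            problems.append("malformed header field")
            continue
        if any((b < 0x20 and b != 0x09) or b == 0x7F for b in value):
            problems.append("control byte in header value")
        names.append(name.lower())
    if version == b"HTTP/1.1" and names.count(b"host") != 1:
        problems.append("HTTP/1.1 request needs exactly one Host header")
    return problems

# Constructed inputs (not captured traffic): one valid request, three a checking proxy must refuse.
SAMPLES = {
    "valid": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "not_http": b"SSH-2.0-client\r\n\r\n",
    "bare_lf": b"GET / HTTP/1.1\nHost: www.example.com\r\n\r\n",
    "no_host": b"GET / HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_request_head(raw) or "pass")
```

A proxy that forwards the last three samples unchanged is acting as a generic relay rather than checking HTTP syntax.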

