lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1105570644.793.25.camel@localhost>
From: frank at knobbe.us (Frank Knobbe)
Subject: Multi-vendor AV gateway image inspection
	bypass vulnerability

On Wed, 2005-01-12 at 12:37 -0800, Steven Rakick wrote:
> This would mean that if an image exploiting the
> recently announced Microsoft LoadImage API overflow
> were imbedded into HTML email there would be zero
> defense from the network layer as it would be
> completely invisible.
> 
> Why am I not seeing more about this in the press? It
> seems pretty threatening to me...

Because it's old news from a network layer perspective. Images, emails,
etc can also be transferred zipped or encoded in base64 and what not.
Lots of IPS/IDS/AV and other gateway devices miss these encoded files.

The only novel approach I can see here is the embedding of the data
together with type and encoding in the URL. Nice idea. $20 says
spyware/spam/porn/phishing sites will adopt this fairly soon.

Regards,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050112/4f409ecb/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ