Message-ID: <1105590280.793.49.camel@localhost>
From: frank at knobbe.us (Frank Knobbe)
Subject: Multi-vendor AV gateway image inspection bypass vulnerability
On Wed, 2005-01-12 at 19:27 -0800, Steven Rakick wrote:
> First off, this technique doesn't add an additional
> layer of user interaction like zipping a file and/or
> password protecting it.
No, I meant zip encoding as in gzip'ed web content. I wasn't referring
to ZIP archives users have to open.
> This evening I noticed that my CheckPoint Firewall-1
> (with SmartDefense) now has a new option to "Block
> Encoded Images". It doesn't actually detect the
> exploit code, but at least someone's starting to at
> least give you an option to defend yourself by
> blocking RFC 2397 formatted images.
Any idea how it does that? Does it look for encoding patterns or does it
decode and then check? The latter might have an adverse performance
impact on busy sites.
Cheers,
Frank
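
Added example, not part of the original message and not how any vendor's product works: a gateway-side sketch of the two options asked about above, a single pattern pass for RFC 2397 image URIs versus decoding each payload and checking its real type, applied after undoing gzip content encoding. The function names, the regex and the sample page are assumptions constructed for illustration.

```python
import base64, binascii, gzip, re
from urllib.parse import unquote_to_bytes

# RFC 2397 form: data:[<mediatype>][;base64],<data>  (image types only here)
DATA_IMAGE_RE = re.compile(
    rb"data:image/([a-z0-9.+-]+)((?:;[^,;\"'\s]+)*),([^\"'\s)>]*)", re.I)
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
         b"GIF87a": "gif", b"GIF89a": "gif"}

def normalize_body(body, content_encoding=""):
    """Undo gzip Content-Encoding so the scanner sees the markup itself."""
    if content_encoding.strip().lower() in ("gzip", "x-gzip"):
        return gzip.decompress(body)
    return body

def pattern_scan(body):
    """Cheap option: one regex pass, flags any RFC 2397 image URI."""
    return [m.group(1).decode().lower() for m in DATA_IMAGE_RE.finditer(body)]

def decode_scan(body):
    """Costlier option: decode every payload, compare declared vs real type."""
    findings = []
    for m in DATA_IMAGE_RE.finditer(body):
        declared = m.group(1).decode().lower()
        data = unquote_to_bytes(m.group(3))  # undo %XX escapes first
        try:
            if b";base64" in m.group(2).lower():
                data = base64.b64decode(data, validate=True)
        except (binascii.Error, ValueError):
            findings.append((declared, "undecodable", 0))
            continue
        real = next((t for sig, t in MAGIC.items() if data.startswith(sig)),
                    "unknown")
        findings.append((declared, real, len(data)))
    return findings

# Constructed sample page: one genuine GIF header, one mislabeled payload.
GIF = base64.b64encode(b"GIF89a\x01\x00\x01\x00\x00\x00\x00;")
FAKE = base64.b64encode(b"this is not image data")
PAGE = (b'<html><body><img src="data:image/gif;base64,' + GIF + b'">'
        b'<img src="data:image/png;base64,' + FAKE + b'"></body></html>')
WIRE = gzip.compress(PAGE)  # what the gateway sees with Content-Encoding: gzip

if __name__ == "__main__":
    print(pattern_scan(WIRE))                        # compressed bytes as-is
    print(pattern_scan(normalize_body(WIRE, "gzip")))
    print(decode_scan(normalize_body(WIRE, "gzip")))
```

The pattern pass is enough to block every encoded image outright; the decode pass costs a base64 decode per URI, which is where the performance concern comes in.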