Message-ID: <20050325203955.78759.qmail@web53204.mail.yahoo.com>
Date: Fri Mar 25 20:40:07 2005
From: stevenrakick at yahoo.com (Steven Rakick)
Subject: Mozilla Foundation GIF Overflow

Hi all,

I was just glancing at the Internet Security Systems
website and I noticed the following statement "ISS
provides Ahead of the Threat protection for Mozilla
and Firefox Browsers".

Clicking the related link they mention that ISS
Network Sensor 7.0, Proventia A and G100, G400, G200,
G1200, G2000 and M series all provide "preemptive
protection for these vulnerabilities". 

I remember a couple months ago, Darren Bounds from
Intrusense released an advisory regarding weak support
for inspecting base64 encoded images in AV, IDS and
IPS technologies (ISS being one of them). 
(Advisory:
http://www.intrusense.com/av-bypass/image-bypass-advisory.txt)

My question is this. Did ISS ever add support for
detecting these RFC 2397 images or are they going to
pass through undetected? Mozilla and Firefox both
support this spec so it seems like a very trivial
attack vector to exploit... once again. 

Also, what other vendors have now added support for
RFC 2397 inspection? 

Any insight would be greatly appreciated.

Steve
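
Added example, not part of the original post and not any vendor's code: a sketch of the normalization step the question is about, in which an inspector decodes each RFC 2397 `data:` URI in a page so the embedded bytes can go through the same image checks as a fetched file. The names `extract_data_uris`, `sniff` and `SAMPLE_HTML` are hypothetical, and the sample input is constructed.

```python
import base64
import binascii
import re
from urllib.parse import unquote_to_bytes

# RFC 2397 form: data:[<mediatype>][;base64],<data>
# Simplification (assumption): a URI ends at a quote, whitespace or '>'.
DATA_URI = re.compile(r"data:([^,\"'\s>]*),([^\"'\s>]*)", re.IGNORECASE)

MAGIC = {b"GIF87a": "image/gif", b"GIF89a": "image/gif",
         b"\x89PNG\r\n\x1a\n": "image/png", b"\xff\xd8\xff": "image/jpeg"}

def sniff(payload):
    """Identify the payload by leading magic bytes, not the declared type."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return None

def extract_data_uris(html):
    """Decode every data: URI in html so its bytes can be inspected."""
    findings = []
    for match in DATA_URI.finditer(html):
        params = [p.strip().lower() for p in match.group(1).split(";")]
        declared = params[0] or "text/plain"  # RFC 2397 default type
        raw = unquote_to_bytes(match.group(2))  # undo %XX escapes first
        if "base64" in params[1:]:
            try:
                payload = base64.b64decode(raw)
            except (binascii.Error, ValueError):
                payload = b""  # undecodable; still reported below
        else:
            payload = raw
        sniffed = sniff(payload)
        findings.append({
            "declared": declared,
            "sniffed": sniffed,
            "mismatch": sniffed is not None and sniffed != declared,
            "payload": payload,  # hand this to the normal image inspection
        })
    return findings

# Constructed sample input: a GIF header, labelled correctly and then as text.
_GIF = base64.b64encode(b"GIF89a\x01\x00\x01\x00\x80\x00\x00").decode()
SAMPLE_HTML = ('<img src="data:image/gif;base64,%s">' % _GIF
               + '<img src="data:text/plain;base64,%s">' % _GIF
               + '<a href="data:,hello%20world">x</a>')
```

The `mismatch` flag marks an image payload whose declared media type says otherwise, which matters when an inspector selects its checks from the declared type alone.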



		