| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050328185438.47625.qmail@web53203.mail.yahoo.com> Date: Mon Mar 28 19:54:47 2005 From: stevenrakick at yahoo.com (Steven Rakick) Subject: [security] Mozilla Foundation GIF Overflow Hi Richard, Thanks for the email. Based on what you're saying, things have changed then since: http://xforce.iss.net/xforce/xfdb/18882. In that URL, Proventia A, G and M series are listed as affected. I'm not quite sure why it would affect the AV engine, but not the IPS engine unless you're looking at the content in a different manner. Can you explain what you're doing differrently now? Are you inspecting all RFC 2397 embedded data? Steve --- "Armstrong, Richard (ISS Texas)" <rarmstrong@....net> wrote: > The trick below is a way to get around AV Gateways > but not Intrusion > Prevention Systems. The M Series is our multi > function box. So while > the GIF would have made if pass the AV Gateway > module it would not have > made it past the IPS module. The FW and IPS module > come with all M > Series appliances for free. > > Our A and G Series appliances do not have AV > Gateways and were not > vulnerable to the below. > > R > > Richard Armstrong, CISSP > Director Systems Engineering > Western Region > Internet Security Systems > Mobile: 469-556-5513 > rarmstrong@....net > > > > -----Original Message----- > From: security-bounces@...ts.seifried.org > [mailto:security-bounces@...ts.seifried.org] On > Behalf Of Steven Rakick > Sent: Friday, March 25, 2005 2:40 PM > To: full-disclosure@...ts.grok.org.uk > Subject: [security] [Full-disclosure] Mozilla > Foundation GIF Overflow > > Hi all, > > I was just glancing at the Internet Security Systems > website and I > noticed the following statement "ISS provides Ahead > of the Threat > protection for Mozilla and Firefox Browsers". > > Clicking the related link they mention that ISS > Network Sensor 7.0, > Proventia A and G100, G400, G200, G1200, G2000 and M > series all provide > "preemptive protection for these vulnerabilities". > > I remember a couple months ago, Darren Bounds from > Intrusense released > an advisory regarding weak support for inspecting > base64 encoded images > in AV, IDS and IPS technologies (ISS being one of > the them). > (Advisory: > http://www.intrusense.com/av-bypass/image-bypass-advisory.txt) > > My question is this. Did ISS ever add support for > detecting this RFC > 2397 images or are they going to pass through > undetected? Mozilla and > Firefox both support this spec so it seems like a > very trivial attack > vector to exploit... once again. > > Also, what other vendors have now added support for > RFC 2397 inspection? > > > Any insight would be greatly appreciated. > > Steve > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Small Business - Try our new resources site! > http://smallbusiness.yahoo.com/resources/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - > http://secunia.com/ > _______________________________________________ > security mailing list > security@...ts.seifried.org > http://lists.seifried.org/mailman/listinfo/security > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Powered by blists - more mailing lists