Surya Batchu wrote:
Hi,
Please see this advisory: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3051
This attack can be launched remotely by sending specially crafted data in
archived file.
Which security solutions are expected to catch these kinds of attacks? It seems
that NIPS/NIDS solution typically check for buffer overflow attacks at protocol
level, but not at the file/archive level. If so, is it fair to assume that
only security solutions running, on the client machine, catch these kjinds of
attacks. Any insight is appreciated.
Thanks
Something like this will typically come in via web
'http://www.compromizedluserscomputer.com/files/pornfile.arc' or via
email, network share, etc
I would say its the job of the web proxy anti-virus, web proxy
blacklists, email anti-virus, anti-spam (its most likely spammed) or
desktop anti-virus to stop it.
not an 'or', but an 'and'. (I don't IPS/IDS should block the 300,000
types of viruses)
Layered security, hopefully one of these layers will block it before its
opened.
ok, and ps, is 7zip an approved software package for your users?
hardening the workstation so they don't load software that isn't needed
for business purposes also helps, and if it is an approved package, you
also have in place the ability to patch it now?
--
Michael Scheidell, CTO
SECNAP Network Security Corporation.
-----------------------------------------------------------------
This email has been scanned and certified safe by SpammerTrap(tm)
For Information please see http://www.spammertrap.com
-----------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
