This seems fine to me. Do you know the vulnerable version of Safari browser?

Thanks
Ravi

On Mon, Jun 9, 2008 at 7:17 PM, Srinivasa Addepalli <[EMAIL PROTECTED]> wrote:
> Hi Ravi,
>
> You are right that many IDS/IPS systems don't have JavaScript analyzers.
> Even the systems that have these analyzers will also have problems in
> detecting these kinds of attacks.
>
> One simple way is to create a signature which checks the version string in
> the User-Agent field and JavaScript in the response HTML data. If the user
> agent version indicates a vulnerable software edition and JavaScript is
> seen, this signature flags the administrator. Since the JavaScript is not
> analyzed, there could be false positives; but at the minimum, it provides
> logs and alerts to the administrator to take further action.
>
> Srini
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Ravi Chunduru
> Sent: Saturday, June 07, 2008 1:55 PM
> To: Focus IDS
> Subject: Javascript long string detection
>
> Hi,
>
> I have come across this vulnerability
>
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0729
>
> and the corresponding exploit at
>
> http://www.milw0rm.org/exploits/5268
>
> There are so many ways to create a long string in JavaScript. How can
> network-based IDS/IPS detect these kinds of attacks? Is it
> possible to create signatures to detect these attacks? Many existing
> IDS/IPS devices don't have capabilities to interpret and evaluate
> JavaScript. So, I would think that it is nearly impossible. Any
> insight?
>
> Thanks
> Ravi
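The signature Srini describes in the quoted message, written out as an added example (not code from the thread or from any IDS product): it pairs the Safari version in the request's User-Agent with the presence of a script tag in an HTML response. The function names are hypothetical, and `VULNERABLE_VERSIONS` holds a placeholder because the thread does not state which Safari builds are affected.

```python
import re

# Assumption: placeholder value. The thread does not say which Safari
# builds are affected; fill this in from the vendor advisory.
VULNERABLE_VERSIONS = {"0.0.0-PLACEHOLDER"}

# Safari reports its release in a "Version/x.y.z" token ahead of "Safari/".
SAFARI_UA = re.compile(r"Version/(?P<ver>[\w.\-]+)\s+(?:Mobile/\S+\s+)?Safari/", re.I)
SCRIPT_TAG = re.compile(rb"<script\b", re.I)


def safari_version(user_agent):
    """Return the Safari version string from a User-Agent, or None."""
    # Desktop Chrome also sends "Safari/" but has no "Version/" token.
    m = SAFARI_UA.search(user_agent or "")
    return m.group("ver") if m else None


def check_transaction(request_headers, response_headers, response_body,
                      vulnerable=VULNERABLE_VERSIONS):
    """Return an alert dict when a flagged client receives HTML with script.

    The script is never analyzed, so this only logs and alerts; expect
    false positives, as the message above points out.
    """
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    ver = safari_version(req.get("user-agent"))
    if ver is None or ver not in vulnerable:
        return None
    if "html" not in resp.get("content-type", "").lower():
        return None
    if not SCRIPT_TAG.search(response_body):
        return None
    return {"signature": "flagged-safari-receives-javascript",
            "client_version": ver, "host": req.get("host", "?")}


# Constructed sample transaction (not captured traffic).
SAMPLE_REQ = {"Host": "example.test",
              "User-Agent": "Mozilla/5.0 (Macintosh) AppleWebKit/000.0 "
                            "Version/0.0.0-PLACEHOLDER Safari/000.0"}
SAMPLE_RESP = {"Content-Type": "text/html; charset=utf-8"}
SAMPLE_BODY = b"<html><SCRIPT>var s = 'a';</SCRIPT></html>"

if __name__ == "__main__":
    print(check_transaction(SAMPLE_REQ, SAMPLE_RESP, SAMPLE_BODY))
```

Because almost every HTML page carries script, the alert rate tracks how many flagged clients are on the network, so the output is better suited to an inventory of unpatched browsers than to blocking.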
