[ilugd] (fwd) [SECURITY] [Fwd: DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability]

Thu, 29 Jul 2004 20:40:55 -0700 

[Please upgrade if you use DansGuardian to filter web content -- Raju]

This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------

Message-ID: <[EMAIL PROTECTED]>
From: =?iso-8859-1?Q?Rub=E9n_Molina?= <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] [Fwd: DansGuardian Hex Encoding URL Banned Extension Filter 
Bypass
 Vulnerability]
Date: Fri, 30 Jul 2004 01:20:45 +0700 (ICT)

DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability
==========================================================================

Original Release Date: 2004-07-29
Author: Ruben Molina (a.k.a fradiavolo)
Email: [EMAIL PROTECTED]

!!! VIVA COLOMBIA !!!

1. Systems affected:

All DansGuardian up to and including DansGuardian 2.8.

2. Overview:

DansGuardian (http://dansguardian.org) is a web Open Source content filter
available
for various Unix based operating systems, including Linux. It filters the
actual
content of pages based on many methods including phrase matching, PICS
filtering and
URL filtering.

DansGuardian may allow malicious users to bypass the extension filter
rules when
processing URLs which contain an hex encoded filename (e.g:
http://server/file.%65%78%65 or http://server/file%2eexe).


3. Impact:

Under some installations, this may violate security policy, or allow users
to inadvertantly access malicious web content.


4. Solution:

Upgrade to DansGuardian 2.8.0.1

5. Patch:

--- FOptionContainer.cpp.diff ---
806d805
<     url.hexDecode();
---------------------------------

6. Timeline and credits:

28/07/2004 Notification to the main developer (author at dansguardian dot
org)
28/07/2004 DansGuardian 2.8.0.1 released
29/07/2004 Public Security Advisory.


7. Thanks to:

Gigax.org people and Silence Team ;)

--

Rubén Molina
0xDEF3F700

Zure atera iristean ostikada jotzen nola irtengo zara?
Eskuak buru gainean ala pistolaren gatilvan?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

------------------------------

End of this Digest
******************

-- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves

_______________________________________________
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/[EMAIL PROTECTED]/

Reply via email to