Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vu

from [Trog] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability
Date: Fri, 14 Jan 2005 19:07:00 +0000 
Quoting Darren Bounds <dbounds@intrusense.com>:


Multi-vendor AV gateway image inspection bypass vulnerability
January 10, 2005

A vulnerability has been discovered which allows a remote attacker
to bypass anti-virus
(as well other security technologies such as IDS and IPS) inspection
of HTTP image content.

By leveraging techniques described in RFC 2397 for base64 encoding  
image content within
the URL scheme. A remote attack may encode a malicious image within
thebody of an HTML
formatted document to circumvent content inspection.


Support for extracting RFC2397 encoded data within HTML documents has
been added to the CVS version of Clam AntiVirus, the open source virus
scanner.

The next stable release containing this feature, version 0.81 is
scheduled to become a Release Candidate on 19th Jan.

Until that time, access to the current development code is available via
CVS and nightly tarballs. See www.clamav.net for download details.

Thanks,
-trog


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability, Trog <=
Previous by Date:  [VulnWatch] iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability, customer service mailbox
Next by Date:  iDefense iTunes advisory., nemo
Previous by Thread:  [VulnWatch] iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability, customer service mailbox
Next by Thread:  iDefense iTunes advisory., nemo
Indexes:  [Date] [Thread] [Top] [All Lists]