SecurityTracker.com
Category:   Application (Security)  >   DansGuardian
Vendors:   Barron, Daniel
DansGuardian Web Content Filtering Proxy Bug Lets Remote Users Bypass File Name Extension Filtering Restrictions
SecurityTracker Alert ID:  1003553
SecurityTracker URL:  http://securitytracker.com/id/1003553
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 14 2002
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 2.2.5
Description:   A vulnerability was reported in the DansGuardian web content filtering proxy. A remote user can bypass the filename filtering restrictions.

It is reported that a remote user can bypass the file extension filtering. No details were provided.

Impact:   A remote user can bypass the filename filtering restrictions.
Solution:   The vendor has released a fixed version (2.2.5), available at:

http://dansguardian.org/?page=download

Vendor URL:  dansguardian.org/
Cause:   Not specified
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Date:  Thu, 14 Feb 2002 09:49:01 -0500
Subject:  DansGuardian file extension filtering bug


  DansGuardian 2.2.5
  by Daniel Barron (http://freshmeat.net/users/dansguardian/)
  Wednesday, February 13th 2002 18:28

Internet Internet :: WWW/HTTP Security

About: DansGuardian is a Web content filtering proxy that uses Squid to do
all the fetching. It filters using multiple methods including, but not
limited to, phrase matching, file extension matching, MIME type matching,
PICS filtering, and URL/domain blocking. It has the ability to switch off
filtering by certain criteria including username, domain name, source IP,
etc. The configurable logging produces a log in an easy to read format.
It has the option to only log text-based pages, thus significantly
reducing redundant information (such as every image on a page).

Changes: A fix for an issue which caused DG to stop responding under very
heavy load, and a fix for a security issue that allowed file extension
filtering to be bypassed.

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/dansguardian/


 
 



Copyright 2013, SecurityGlobal.net LLC