Cyber Web Filter IP Address Web Blocking Can Be Bypassed
|
|
SecurityTracker Alert ID: 1011986 |
|
SecurityTracker URL: http://securitytracker.com/id/1011986
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 28 2004
|
Impact:
Host/resource access via network
|
Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 2.00
|
Description:
Ziv Kamir from Global Security Solution IT reported a vulnerability in Cyber Web Filter. A user can bypass the IP address filtering mechanism.
It is reported that a user can encode the IP address in octal numbers preceeded with five '0' characters to access web pages on restricted IP addresses.
A demonstration exploit representation of '100.100.100.100' is provided:
http://00000144.00000144.00000144.00000144
The vendor was notified on October 27, 2004.
|
Impact:
A user can bypass the IP address filtering mechanism to access web sites on ostensibly blocked IP addresses.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.global-spy-software.com/cyber_web_filter/ (Links to External Site)
|
Cause:
Access control error, Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 28 Oct 2004 08:11:36 -0700 (PDT)
Subject: Cyber Web Filter
|
--0-1240848295-1098976296=:12873
Content-Type: text/plain; charset=us-ascii
Content-Id:
Content-Disposition: inline
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
--0-1240848295-1098976296=:12873
Content-Type: text/plain; name="CWF.txt"
Content-Description: CWF.txt
Content-Disposition: inline; filename="CWF.txt"
28/10/04
====================================
GSSIT - Global Security Solution IT
====================================
-------------------------------------------------------
Application: Cyber Web Filter
Web Site: www.global-spy-software.com
Versions: 2.00
Platform: Windows
Credits:
########
#########################################
# == Ziv Kamir == #
# #
# GSSIT - Global Security Solution IT #
# #
# WEB : www.gssit.co.il #
# #
# #
#########################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
================
1) Introduction
================
Cyber Web Filter is an HTTP and SOCKS 5 proxy which can share, monitor and filter
Internet access. You can create access rules controlling what activity is allowed and
which should be blocked, based on the username, time, domain name, or filename. You
can also speed throttle certain requests to a slower speed so that they do not
congest your network.
=======
2) Bug
=======
bypass the IP filtering mechanism.
===========
3) The Code
===========
EX: Block [ip - 100.100.100.100 ]
---------------------------------
*) Bypass : http://100.0100.100.100
*) convert each octet to an octal number Insert five (5) leading zeros in each
octet:
Bypass : http://00000144.00000144.00000144.00000144
======
4) Fix
======
Date of Vendor Notification:
----------------------------
27/10/04
Response :
=========
28/10/04
Agreed, the user can get around an IP filter using this method.
==============================================================================================
*** The Data is for educational purpose only. ***
The information in this bulletin is provided "AS IS" without
warranty of any kind. In no event shall we be liable for any
damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages.
==============================================================================================
--0-1240848295-1098976296=:12873--
|
|
