SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Security)  >  DansGuardian Vendors:  Barron, Daniel
DansGuarding File Extension Filter Can Be Bypassed With Hex-Encoded URLs
SecurityTracker Alert ID:  1010817
SecurityTracker URL:  http://securitytracker.com/id?1010817
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 30 2004
Impact:  Host/resource access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): 2.8 and prior versions
Description:  A vulnerability was reported in DansGuardian. A remote user can create a URL that will bypass the file extension filtering.

Ruben Molina reported that a remote user can create a URL that contains a hex-encoded character to bypass the file extension filter.

Some demonstration exploit URLs are provided:

http://server/file.%65%78%65
http://server/file%2eexe

The vendor was reportedly notified on July 28, 2004.
Impact:  A remote user can bypass filtering rules to access a file with a banned file extension.
Solution:  The vendor has released a fixed version (2.8.0.1), available at:

http://dansguardian.org/?page=download
Vendor URL:  dansguardian.org/ (Links to External Site)
Cause:  Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  Ruban_Molina <ruben@udea.edu.co>
Message History:   None.

 Source Message Contents
Date:  Thu, 29 Jul 2004 20:43:18 +0700 (ICT)
From:  Ruban_Molina <ruben@udea.edu.co>
Subject:  DansGuardian Hex Encoding URL Banned Extension Filter Bypass 

 

DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability
==========================================================================

Original Release Date: 2004-07-29
Author: Ruben Molina (a.k.a fradiavolo)
Email: ruben@udea.edu.co

!!! VIVA COLOMBIA !!!

1. Systems affected:

All DansGuardian up to and including DansGuardian 2.8.

2. Overview:

DansGuardian (http://dansguardian.org) is a web Open Source content filter
available
for various Unix based operating systems, including Linux. It filters the
actual
content of pages based on many methods including phrase matching, PICS
filtering and
URL filtering.

DansGuardian may allow malicious users to bypass the extension filter
rules when
processing URLs which contain an hex encoded filename (e.g:
http://server/file.%65%78%65 or http://server/file%2eexe).


3. Impact:

Under some installations, this may violate security policy, or allow users to
inadvertantly access malicious web content.


4. Solution:

Upgrade to DansGuardian 2.8.0.1

5. Patch:

--- FOptionContainer.cpp.diff ---
806d805
<     url.hexDecode();
---------------------------------

6. Timeline and credits:

28/07/2004 Notification to the main developer (author at dansguardian dot
org)
28/07/2004 DansGuardian 2.8.0.1 released
29/07/2004 Public Security Advisory.


7. Thanks to:

Gigax.org people and Silence Team ;)

--

Rubén Molina
0xDEF3F700

Zure atera iristean ostikada jotzen nola irtengo zara?
Eskuak buru gainean ala pistolaren gatilvan?


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC