SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   DansGuardian Vendors:   Barron, Daniel
DansGuardian Web Content Filtering Proxy Bug Lets Remote Users Bypass File Name Extension Filtering Restrictions
SecurityTracker Alert ID:  1003553
SecurityTracker URL:  http://securitytracker.com/id/1003553
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 14 2002
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.2.5
Description:   A vulnerability was reported in the DansGuardian web content filtering proxy. A remote user can bypass the filename filtering restrictions.

It is reported that a remote user can bypass the file extension filtering. No details were provided.

Impact:   A remote user can bypass the filename filtering restrictions.
Solution:   The vendor has released a fixed version (2.2.5), available at:

http://dansguardian.org/?page=download

Vendor URL:  dansguardian.org/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  DansGuardian file extension filtering bug


  DansGuardian 2.2.5
  by Daniel Barron (http://freshmeat.net/users/dansguardian/)
  Wednesday, February 13th 2002 18:28

Internet Internet :: WWW/HTTP Security

About: DansGuardian is a Web content filtering proxy that uses Squid to
do
all the fetching. It filters using multiple methods including, but not
limited to, phrase matching, file extension matching, MIME type
matching,
PICS filtering, and URL/domain blocking.  It has the ability to switch
off
filtering by certain criteria including username, domain name, source
IP,
etc.  The configurable logging produces a log in an easy to read format. 
It has the option to only log text-based pages, thus significantly
reducing redundant information (such as every image on a page). 

Changes: A fix for an issue which caused DG to stop responding under
very
heavy load, and a fix for a security issue that allowed file extension
filtering to be bypassed. 

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/dansguardian/


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC