OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: eDvice Security Services (supportedvicetech.com)
Date: Mon May 28 2001 - 03:20:14 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Background
    ---------------
    SpearHead's NetGAP™ appliance physically disconnects a company's network
    from the Internet. The product consists of two separate computers, an
    Untrusted CPU and a Trusted CPU, that are never directly connected at any
    given time.

    NetGap™ includes a content checking engine. This engine supports the
    filtering of specified file types, while being downloaded over HTTP. For
    example, the security administrator can prevent internal users from
    downloading executable (.exe) files by using the content checking engine to
    filter exe files.

    The problem
    ------------
    Using Unicode encoding techniques, a user (or a malicious web site) can
    bypass
    NetGap's filtering engine.

    Status
    --------
    The vendor has acknowledged the vulnerability and will release a patch in
    the next few days.
    Vendor was informed on 15 May 2001.

    Details
    --------
    Web servers accept Unicode representation of characters in the URL by using
    a "%nn" notation. The NetGap™ URL filter does not interpret correctly URLs
    containing Unicode representation of characters. Consequently, the file
    http://www.target.com/evilfile.exe will go undetected by NetGap™ if
    represented as http://www.target.com/evilfile.ex%65. However, when this URL
    reaches the web server, it will be interpreted exactly the same as
    http://www.target.com/evilfile.exe and the file will be downloaded into the
    user's desktop.

    Solution
    ---------
    Do not rely on NetGap™ for URL filtering until vendor releases a fix.

    ====================
    Discovered by:
    eDvice Security Services
    supportedvicetech.com
    http://www.edvicetech.com
    Tel: +972-3-6120133
    Fax: +972-3-6954837