Re: Buffer Overruns
Subject: Re: Buffer Overruns
From: Steven M. Bellovin (smb research.att.com)
Date: Fri Dec 17 1999 - 16:28:21 CST
- Next message: Philip S Holt / Security Engineering: "Re: Common Port listing"
- Previous message: Crispin Cowan: "Re: Buffer Overruns"
- Maybe in reply to: Michael Kelly: "Buffer Overruns"
- Next in thread: Matt Curtin: "Re: Buffer Overruns"
- Maybe reply: Steven M. Bellovin: "Re: Buffer Overruns"
In message <385A1B90.E2213122 home.com>, Michael Kelly writes:
> I really feel silly asking this, but;
> Can these buffer overrun bugs penetrate firewalls? I'm trying to
> convince the boss to ditch IE in favor of Netscape. (which is only
> slightly better)
>
Yes, some buffer overruns can penetrate firewalls.
Fundamentally, firewalls cannot protect you against attacks at a higher level
of the protocol stack than the firewall operates at. If you allow http and
html through your firewall, and there's a bug in the program at your end that
processes the http and html -- yes, you're vulnerable.
This isn't a new issue; see, for example, CERT Advisory CA-98.10, CA-97.05,
and many others.
--Steve Bellovin
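
An added illustration of the layering point in the message above (not part of the original post, and not code from any firewall or browser): a constructed port-based filter rule gives the same verdict to two packets that differ only in payload, so the length check has to live in the program that parses the HTML. The struct, function names, buffer size and sample traffic are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed model of what a packet filter sees: protocol and port only. */
struct packet {
    uint16_t dst_port;
    uint8_t proto;           /* 6 = TCP */
    const char *payload;     /* application data; the filter never reads it */
};

/* Layer 3/4 decision for an "allow http" policy: TCP to port 80 passes. */
int filter_allows(const struct packet *p) {
    return p->proto == 6 && p->dst_port == 80;
}

#define TITLE_MAX 32

/* Endpoint side: copy the <title> text into a fixed buffer, with the bounds
 * check the filter cannot perform. Returns 0 on success, -1 if rejected. */
int parse_title(const char *html, char out[TITLE_MAX]) {
    const char *start = strstr(html, "<title>");
    if (!start) return -1;
    start += strlen("<title>");
    const char *end = strstr(start, "</title>");
    if (!end) return -1;
    size_t len = (size_t)(end - start);
    if (len >= TITLE_MAX) return -1;   /* oversize field: refuse it */
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void) {
    /* Constructed sample traffic: same headers, different payload length. */
    struct packet ok = {80, 6, "<html><title>hello</title></html>"};
    struct packet big = {80, 6,
        "<html><title>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA</title></html>"};
    char title[TITLE_MAX];
    printf("filter: ok=%d big=%d\n", filter_allows(&ok), filter_allows(&big));
    printf("parser: ok=%d big=%d\n",
           parse_title(ok.payload, title), parse_title(big.payload, title));
    return 0;
}
```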
This archive was generated by hypermail 2b27 : Sat Dec 18 1999 - 20:30:58 CST