IDS mailing list archives
7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS?
From: Surya Batchu <suryak_batchu () yahoo com>
Date: Wed, 14 Mar 2007 23:07:13 -0700 (PDT)
Hi, Please see this advisory: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3051 This attack can be launched remotely by sending specially crafted data in archived file. Which security solutions are expected to catch these kinds of attacks? It seems that NIPS/NIDS solution typically check for buffer overflow attacks at protocol level, but not at the file/archive level. If so, is it fair to assume that only security solutions running, on the client machine, catch these kjinds of attacks. Any insight is appreciated. Thanks Surya ____________________________________________________________________________________ It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Surya Batchu (Mar 15)
- Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Michael Scheidell (Mar 15)
- Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Michael Scheidell (Mar 15)
- RE: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Oleg Kolesnikov x 133 (Mar 15)
- <Possible follow-ups>
- Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Surya Batchu (Mar 19)