IDS mailing list archives

7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS?

From: Surya Batchu <suryak_batchu () yahoo com>
Date: Wed, 14 Mar 2007 23:07:13 -0700 (PDT)

Hi,

Please see this advisory:  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3051

This attack can be launched remotely by sending specially crafted data in archived file.

Which security solutions are expected to catch these kinds of attacks? It seems that NIPS/NIDS solution typically check 
for buffer overflow attacks at protocol level, but not at the file/archive level.  If so, is it fair to assume that 
only security solutions running, on the client machine, catch these kjinds of attacks. Any insight is appreciated.

Thanks
Surya


 
____________________________________________________________________________________
It's here! Your new message!  
Get new email alerts with the free Yahoo! Toolbar.
http://tools.search.yahoo.com/toolbar/features/mail/

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Current thread:

7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Surya Batchu (Mar 15)
- Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Michael Scheidell (Mar 15)
- Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Michael Scheidell (Mar 15)
- RE: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Oleg Kolesnikov x 133 (Mar 15)
- <Possible follow-ups>
- Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS? Surya Batchu (Mar 19)