Bugtraq mailing list archives
Re: SurfControl Bypass Vulnerability
From: "Witter, Franklin" <FWitter () BBANDT COM>
Date: Thu, 22 Mar 2001 08:35:26 -0500
This vulnerability exists in version 3.0.2 of SurfControl for MS Proxy. Not only does it let you hit the first page using the octal address, but it allows you to surf the entire site. We tested it on 3 different systems logged in as different users and were able to make multiple visits to the same site. SurfControl has confirmed this to be a vulnerability in this version. No ETA for a patch has been given at this point.
-----Original Message-----
From: Don Weber [SMTP:Don () AirLink com]
Sent: Wednesday, March 21, 2001 5:42 PM
To: Witter, Franklin; BUGTRAQ () SECURITYFOCUS COM
Subject: RE: SurfControl Bypass Vulnerability

Is this with a particular version? I tried it and as usual it lets me 'bypass' the first time but not any subsequent attempts, and if I use the octal format on one computer, a second or any subsequent computers will NOT get to the site.

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Witter, Franklin
Sent: Tuesday, March 20, 2001 10:07 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: SurfControl Bypass Vulnerability

It appears that there is yet another way to bypass the site blocking feature of SurfControl for MS Proxy.

Our configuration: We have set up our rules to deny access to anyone attempting to reach sites classified as Adult/Sexually Explicit, Hacking, etc. That would mean that anyone trying to reach www.blockedsite.com would normally be denied access to the site.

The workaround:

1. First, do an nslookup on www.blockedsite.com to get the IP address of the site -- xxx.xxx.xxx.xxx
2. Next, convert each octet to an octal number using the Windows calculator -- yyy.yyy.yyy.yyy
3. Insert eight (8) leading zeros in the first and third octets and seven (7) leading zeros in the second and fourth octets -- 00000000yyy.0000000yyy.00000000yyy.0000000yyy
4. Type the modified octets into your browser's address bar and, voilà!, you are successfully bypassing the SurfControl filter.

I have contacted SurfControl about this but have had no response. If anyone has any suggestions for correcting this vulnerability, please let me know.

Franklin Witter
Network Security Specialist II
252-246-3546
fax: 252-246-3463
e-mail: FWitter () BBandT com
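As an added example (not part of the original thread, and not SurfControl's code), here is one way a filter can canonicalize the host before matching, so that zero-padded octal octets like those in the steps above resolve to the same address the rule already blocks. It goes beyond the octal case in the thread to cover hex and short inet_aton-style forms; the function names and the address 192.0.2.10 (documentation range) are assumptions.

```python
import ipaddress
import re

_NUM = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def canonical_host(host: str) -> str:
    """Return dotted-decimal IPv4 if host is a numeric literal in any
    inet_aton-style notation (octal, hex, decimal, 1-4 parts);
    otherwise return the host name lowercased."""
    name = host.rstrip(".").lower()
    parts = name.split(".")
    if not 1 <= len(parts) <= 4 or not all(_NUM.fullmatch(p) for p in parts):
        return name
    values = []
    for p in parts:
        try:
            if p.startswith("0x"):
                values.append(int(p[2:], 16))
            elif len(p) > 1 and p.startswith("0"):
                values.append(int(p, 8))   # leading zero means octal
            else:
                values.append(int(p, 10))
        except ValueError:                  # e.g. "089" is not valid octal
            return name
    *head, last = values
    # The last part fills every remaining byte (e.g. "192.0.522").
    if any(v > 255 for v in head) or last >= 256 ** (4 - len(head)):
        return name
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(addr))

def is_blocked(host: str, blocked: set) -> bool:
    """Match the canonical form, never the raw string the client typed."""
    return canonical_host(host) in blocked

# Constructed sample: the blocked site resolves to 192.0.2.10.
BLOCKED = {"www.blockedsite.com", "192.0.2.10"}

if __name__ == "__main__":
    for h in ("192.0.2.10", "00000000300.00000000.000000002.000000012",
              "0xC0.0x00.0x02.0x0A", "3221225994", "WWW.BlockedSite.com"):
        print(f"{h:45} -> {canonical_host(h):20} blocked={is_blocked(h, BLOCKED)}")
```

A filter that compares the raw request string against its list sees five different hosts here; compared after canonicalization, all five match the existing rule.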