Bugtraq mailing list archives
Vulnerability discovered in SpearHead NetGap
From: "eDvice Security Services" <support () edvicetech com>
Date: Mon, 28 May 2001 10:20:14 +0200
Background --------------- SpearHead's NetGAP appliance physically disconnects a company's network from the Internet. The product consists of two separate computers, an Untrusted CPU and a Trusted CPU, that are never directly connected at any given time. NetGap includes a content checking engine. This engine supports the filtering of specified file types, while being downloaded over HTTP. For example, the security administrator can prevent internal users from downloading executable (.exe) files by using the content checking engine to filter exe files. The problem ------------ Using Unicode encoding techniques, a user (or a malicious web site) can bypass NetGap's filtering engine. Status -------- The vendor has acknowledged the vulnerability and will release a patch in the next few days. Vendor was informed on 15 May 2001. Details -------- Web servers accept Unicode representation of characters in the URL by using a "%nn" notation. The NetGap URL filter does not interpret correctly URLs containing Unicode representation of characters. Consequently, the file http://www.target.com/evilfile.exe will go undetected by NetGap if represented as http://www.target.com/evilfile.ex%65. However, when this URL reaches the web server, it will be interpreted exactly the same as http://www.target.com/evilfile.exe and the file will be downloaded into the user's desktop. Solution --------- Do not rely on NetGap for URL filtering until vendor releases a fix. ==================== Discovered by: eDvice Security Services support () edvicetech com http://www.edvicetech.com Tel: +972-3-6120133 Fax: +972-3-6954837
Current thread:
- Vulnerability discovered in SpearHead NetGap eDvice Security Services (May 28)