IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS?

From: Michael Scheidell <scheidell () secnap net>
Date: Thu, 15 Mar 2007 15:50:05 -0400
Surya Batchu wrote:

Hi,

Please see this advisory:  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3051

This attack can be launched remotely by sending specially crafted data in archived file.

Which security solutions are expected to catch these kinds of attacks? It seems that NIPS/NIDS solution typically check 
for buffer overflow attacks at protocol level, but not at the file/archive level.  If so, is it fair to assume that 
only security solutions running, on the client machine, catch these kjinds of attacks. Any insight is appreciated.

T
also, isn't this old? very old? current 7zip version is 4.44, well past the 4.27Beta of this one 2 years ago.
----------------------------------------------------------------- This email has been scanned and certified safe by SpammerTrap(tm) For Information please see http://www.spammertrap.com ----------------------------------------------------------------- 
------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. 
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: