Full Disclosure mailing list archives
Webwasher CSM Appliance Script Security Restriction Bypass
From: d0t v0rt3x <d0tv0rt3x () gmail com>
Date: Thu, 22 Dec 2005 22:41:35 +0200
Vendor: Webwasher (http://www.webwasher.com/) Product: Webwasher CSM Appliance Affected versions: CSM Suite 5.x Author: .v0rt3x (d0tv0rt3x[at]gmail[d0t]com) Date: 2005-Dec-22 ....Background.... "...Webwasher appliances provide high-performance "Proactive Filtering" of bidirectional SMTP, HTTP, HTTPS, and FTP traffic to detect and cleanse all forms of malware. The result is a security appliance that delivers the Blended Protection you need to protect against malicious content and unwanted email..." ....Description.... Webwasher CSM includes an encapsulation script mechanism with the aim of filtering malicious scripts. The encapsulation script makes use of specific potentially malicious tokens in order to detect and neutralize the malicious script. The detection of the tokens is case sensitive. However, some of the tokens can be executed whether they are written in lower case or upper case letters. In other words, by creating a specially crafted script, an attacker can bypass the filtering mechanism and execute malicious scripts. ....Proof.of.Concept.... 1) Create a malicious script by using an object which executes ".Run" method (e.g. one of the many WScript.Shell exploits). 2) Replace ".Run" with ".run". 3) Execute the malicious script "safely" through Webwasher CSM. ....Timeline.... 2005-May-15: Vendor was notified by mail. 2005-Aug-15: Vendor was notified again via contact form. 2005-Dec-22: No response from the vendor - public disclosure. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Webwasher CSM Appliance Script Security Restriction Bypass d0t v0rt3x (Dec 22)
- <Possible follow-ups>
- RE: Webwasher CSM Appliance Script Security Restriction Bypass Frank Berzau (Dec 23)
- RE: Webwasher CSM Appliance Script Security Restriction Bypass Frank Berzau (Dec 28)