Re: Fwd: Websense 6.3.1 Filtering Bypass

[reepex <reepex () gmail com>]

automatic updates with notification? Silent patching? Microsoft tactics?

I also knew websense was a joke but now you have come to this?


On Dec 13, 2007 8:49 AM, Hubbard, Dan <dhubbard () websense com> wrote:

> An added note on this...
>
> Customers do not need to download nor install any new patch for this
> fix. It was automatically updated and installed with our nightly
> protocol signature updates.
>
>
>
>
>
>
>
> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk
> [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of The
> Security Community
> Sent: Wednesday, December 12, 2007 3:32 PM
> To: bugtraq () securityfocus com; Full-Disclosure
> Subject: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass
>
> Mr. HinkyDink would like to share the following with the Security
> Community...
>
> ---------- Forwarded message ----------
> From:  <dink () mrhinkydink com>
> Date: Dec 12, 2007 6:05 PM
> Subject: Websense 6.3.1 Filtering Bypass
> To: thesecuritycommunity () gmail com
>
>
>
> Please share this with your little friends...
>
> ------------------------------------------
>
> Websense Policy Filtering Bypass
> ================================
> discovered by mrhinkydink
>
>
> PRODUCT: Websense Enterprise 6.3.1
>
> EXPOSURE: Web Filtering Bypass
>
> SYNOPSIS
> ========
>
> By spoofing the User-Agent header it is possible to bypass filtering
> and,
> to a lesser extent, monitoring in a Websense Enterprise 6.3.1
> environment.
>
> PROOF OF CONCEPT
> ================
>
> The following was tested in an unpatched 6.3.1 system using the ISA
> Server
> integration product.  It is assumed it will work with other integration
> products but this has not been tested.  Other User Agents may also work.
>
> I.  Install FireFox 2.0.x
>
> II. Obtain and install the User Agent Switcher browser plug-in  by Chris
>    Pederick
>
> III. Add the following User Agents to the plug-in
>
>     Description: RealPlayer
>     User Agent : RealPlayer G2
>
>     Description: MSN Messenger
>     User Agent : MSMSGS
>
>     Description: WebEx
>     User Agent : StoneHttpAgent
>
> IV.  Change FireFox's User Agent to any one of the preceding values
>
> V.   Browse to a filtered Web site
>
> VI.  Content is allowed
>
> Content browsed via this method will be recorded in the Websense
> database
> as being in the "Non-HTTP" category.
>
> Demonstration: http://www.youtube.com/watch?v=pKv41ge8XcQ
>
> SEE ALSO
> ========
> Websense KnowledgeBase article #976
>
> The vendor acknowledges this behavior in the aforementioned article.
>
> WORKAROUND
> ==========
> Disable the protocols mentioned above.
>
> VENDOR RESPONSE
> ===============
> Websense has repaired this issue in database #92938
>
> NOTICE
> ======
> mrhinkydink is not to be confused with the blogger by the same name
> at www.dailykos.com
>
> c. MMVII mrhinkydink
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>  Protected by Websense Messaging Security ? www.websense.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/