SUMMARY
-------
Finjan SurfinGate uses web content filtering and Internet access management to protect the network. A vulnerability in the product allows the access management to be bypassed: files that are normally blocked can be downloaded.

VERSIONS AFFECTED
-----------------
Tested with SurfinGate Version 7.0SP2 and SP3 (and maybe others...)

DETAILS
-------
A URL ASCII decode problem exists in the Finjan SurfinGate. If you use ASCII encoding in the URL for a disallowed file, the Finjan SurfinGate cannot block it. In most cases it is enough to convert the dots to '%2e'. For example, you can bypass the block on an EXE download or on a double-extension file like file.jpg.exe.

If you block the content type of the file, the Finjan SurfinGate cannot be bypassed. But a hacker will not use a correctly configured web server to infiltrate files into the company....

Finjan Software Ltd. was notified one year ago!

Proof of concept
----------------
(This example will not work if you block the content type in your infrastructure, but there are some web servers out there with a wrong content type for EXE files.....)

Of course we don't take a normal EXE file. Let us use a screensaver. If you block SCR files, the following will be blocked:

http://www.mustangworld.com/ourpics/sware/Mustangworld.scr

If you _just_ block the SCR extension (and not the content type in your infrastructure), you can bypass the Finjan SurfinGate with the following link:

http://www.mustangworld.com/ourpics/sware/Mustangworld%2escr

Bye
Daniel Schröter

-- 
=========================================================
(gnu)PGP key signed by heise c't magazine available.
http://www.heise.de/security/dienste/pgp/
=========================================================
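
Added example, not part of the original advisory and not SurfinGate code: a sketch of why an extension filter has to match against the percent-decoded path instead of the raw URL text, using the two URLs from the proof of concept. The block list, the function names and the files.example URLs are assumptions made for this illustration; it also goes slightly beyond the advisory by handling nested encoding (%252e), upper-case extensions and query strings.

```python
from urllib.parse import urlsplit, unquote

BLOCKED_EXTENSIONS = {"exe", "scr"}  # assumed block list for this example


def naive_is_blocked(url):
    """Flawed check: matches the extension against the raw, still-encoded URL."""
    return any(url.lower().endswith("." + ext) for ext in BLOCKED_EXTENSIONS)


def canonical_filename(url, max_rounds=5):
    """Return the decoded, lower-cased last path segment, or None if the
    path is still changing after max_rounds decoding passes."""
    path = urlsplit(url).path  # query string and fragment are not part of the name
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:  # stable: no encoding layers left
            return path.rsplit("/", 1)[-1].rstrip(". ").lower()
        path = decoded  # handles nested encodings such as %252e
    return None


def is_blocked(url):
    """Extension check on the canonical file name; fails closed."""
    name = canonical_filename(url)
    if name is None:
        return True  # too many encoding layers: refuse rather than guess
    _, dot, ext = name.rpartition(".")
    return bool(dot) and ext in BLOCKED_EXTENSIONS


if __name__ == "__main__":
    samples = [
        "http://www.mustangworld.com/ourpics/sware/Mustangworld.scr",    # from the advisory
        "http://www.mustangworld.com/ourpics/sware/Mustangworld%2escr",  # from the advisory
        "http://files.example/file.jpg%252eexe",  # constructed
        "http://files.example/report.pdf",        # constructed
    ]
    for url in samples:
        print(f"naive={naive_is_blocked(url)!s:5} canonical={is_blocked(url)!s:5} {url}")
```
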