DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability Jul 29 2004 01:43PM
Rubén Molina (ruben udea edu co)
DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability

Original Release Date: 2004-07-29
Author: Ruben Molina (a.k.a fradiavolo)
Email: ruben (at) udea.edu (dot) co [email concealed]


1. Systems affected:

All DansGuardian up to and including DansGuardian 2.8.

2. Overview:

DansGuardian (http://dansguardian.org) is a web Open Source content filter
for various Unix based operating systems, including Linux. It filters the
content of pages based on many methods including phrase matching, PICS
filtering and
URL filtering.

DansGuardian may allow malicious users to bypass the extension filter
rules when
processing URLs which contain an hex encoded filename (e.g:
http://server/file.%65%78%65 or http://server/file%2eexe).

3. Impact:

Under some installations, this may violate security policy, or allow users to
inadvertantly access malicious web content.

4. Solution:

Upgrade to DansGuardian

5. Patch:

--- FOptionContainer.cpp.diff ---
< url.hexDecode();

6. Timeline and credits:

28/07/2004 Notification to the main developer (author at dansguardian dot
28/07/2004 DansGuardian released
29/07/2004 Public Security Advisory.

7. Thanks to:

Gigax.org people and Silence Team ;)


Rubén Molina

Zure atera iristean ostikada jotzen nola irtengo zara?
Eskuak buru gainean ala pistolaren gatilvan?

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus