• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Finjan SurfinGate File Extension File Filter Circumvention Vulnerability

A problem with SurfinGate could make it possible for an attacker to circumvent file filters that are set in place.

SurfinGate uses the file extension to determine if a file is of a type that is blacklisted by the software. It has been reported that an attacker may bypass SurfinGate file filtering rules by appending an extra file extension of a type that is not blacklisted to the end of the file name.

It should be noted that an end user would still have interactively to open or execute the malicious file.