Customers do not need to download nor install any new patch for this
fix. It was automatically updated and installed with our nightly
protocol signature updates.
-----Original Message-----
From: full-disclosure-bounces (at) lists.grok.org (dot) uk [email concealed]
[mailto:full-disclosure-bounces (at) lists.grok.org (dot) uk [email concealed]] On Behalf Of The
Security Community
Sent: Wednesday, December 12, 2007 3:32 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]; Full-Disclosure
Subject: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass
Mr. HinkyDink would like to share the following with the Security
Community...
---------- Forwarded message ----------
From: <dink (at) mrhinkydink (dot) com [email concealed]>
Date: Dec 12, 2007 6:05 PM
Subject: Websense 6.3.1 Filtering Bypass
To: thesecuritycommunity (at) gmail (dot) com [email concealed]
Please share this with your little friends...
------------------------------------------
Websense Policy Filtering Bypass
================================
discovered by mrhinkydink
PRODUCT: Websense Enterprise 6.3.1
EXPOSURE: Web Filtering Bypass
SYNOPSIS
========
By spoofing the User-Agent header it is possible to bypass filtering
and,
to a lesser extent, monitoring in a Websense Enterprise 6.3.1
environment.
PROOF OF CONCEPT
================
The following was tested in an unpatched 6.3.1 system using the ISA
Server
integration product. It is assumed it will work with other integration
products but this has not been tested. Other User Agents may also work.
I. Install FireFox 2.0.x
II. Obtain and install the User Agent Switcher browser plug-in by Chris
Pederick
III. Add the following User Agents to the plug-in
Description: RealPlayer
User Agent : RealPlayer G2
Description: MSN Messenger
User Agent : MSMSGS
Description: WebEx
User Agent : StoneHttpAgent
IV. Change FireFox's User Agent to any one of the preceding values
V. Browse to a filtered Web site
VI. Content is allowed
Content browsed via this method will be recorded in the Websense
database
as being in the "Non-HTTP" category.
SEE ALSO
========
Websense KnowledgeBase article #976
The vendor acknowledges this behavior in the aforementioned article.
WORKAROUND
==========
Disable the protocols mentioned above.
VENDOR RESPONSE
===============
Websense has repaired this issue in database #92938
NOTICE
======
mrhinkydink is not to be confused with the blogger by the same name
at www.dailykos.com
c. MMVII mrhinkydink
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Protected by Websense Messaging Security ? www.websense.com
Customers do not need to download nor install any new patch for this
fix. It was automatically updated and installed with our nightly
protocol signature updates.
-----Original Message-----
From: full-disclosure-bounces (at) lists.grok.org (dot) uk [email concealed]
[mailto:full-disclosure-bounces (at) lists.grok.org (dot) uk [email concealed]] On Behalf Of The
Security Community
Sent: Wednesday, December 12, 2007 3:32 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]; Full-Disclosure
Subject: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass
Mr. HinkyDink would like to share the following with the Security
Community...
---------- Forwarded message ----------
From: <dink (at) mrhinkydink (dot) com [email concealed]>
Date: Dec 12, 2007 6:05 PM
Subject: Websense 6.3.1 Filtering Bypass
To: thesecuritycommunity (at) gmail (dot) com [email concealed]
Please share this with your little friends...
------------------------------------------
Websense Policy Filtering Bypass
================================
discovered by mrhinkydink
PRODUCT: Websense Enterprise 6.3.1
EXPOSURE: Web Filtering Bypass
SYNOPSIS
========
By spoofing the User-Agent header it is possible to bypass filtering
and,
to a lesser extent, monitoring in a Websense Enterprise 6.3.1
environment.
PROOF OF CONCEPT
================
The following was tested in an unpatched 6.3.1 system using the ISA
Server
integration product. It is assumed it will work with other integration
products but this has not been tested. Other User Agents may also work.
I. Install FireFox 2.0.x
II. Obtain and install the User Agent Switcher browser plug-in by Chris
Pederick
III. Add the following User Agents to the plug-in
Description: RealPlayer
User Agent : RealPlayer G2
Description: MSN Messenger
User Agent : MSMSGS
Description: WebEx
User Agent : StoneHttpAgent
IV. Change FireFox's User Agent to any one of the preceding values
V. Browse to a filtered Web site
VI. Content is allowed
Content browsed via this method will be recorded in the Websense
database
as being in the "Non-HTTP" category.
Demonstration: http://www.youtube.com/watch?v=pKv41ge8XcQ
SEE ALSO
========
Websense KnowledgeBase article #976
The vendor acknowledges this behavior in the aforementioned article.
WORKAROUND
==========
Disable the protocols mentioned above.
VENDOR RESPONSE
===============
Websense has repaired this issue in database #92938
NOTICE
======
mrhinkydink is not to be confused with the blogger by the same name
at www.dailykos.com
c. MMVII mrhinkydink
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Protected by Websense Messaging Security ? www.websense.com
[ reply ]