Bugtraq: surfCONTROL SuperScout v2.6.1.6 flaw

surfCONTROL SuperScout v2.6.1.6 flaw

From: Mike, C <civ_at_GBIS.COM>
Date: Thu, 3 Feb 2000 05:28:32 -0000

Vulnerable Apps/Platforms:
-So far, surfCONTROL SuperScout 2.6.1.6, only version
tested, with rules blocking based on web site category.
Complete No Access rules still successfully block.
-Possibly all previous versions.
-This vulnerability voids the ability to block users based
on category.
-Discovered on NT Server 4.0 SP5

Non-Vulnerable Apps:
-N/A

Vulnerability:
-Blocking Internet access based on surfCONTROL's
categorization of a particular site.
-Example: Rule - No Access to Adult sites Anytime
-"www.playboy.com" successfully blocked.
-"www.playboy.com." let right through the filter.
-"www.penthouse.com" successfully blocked.
-"www.penthouse.com." let right through the filter.

Exploit:
-One of the product's features is its ability to block a
user from viewing a particular web site based on a
classification database. Inside this database, web sites
like www.playboy.com are categorized. Among the categories
are Adult, Gambling, Sports, etc. Rules can be implemented
based on user, time, category (Example: Disallow Everyone
to Adult sites at anytime throughout the day)
-With IE5, behind surfCONTROL's rules, attempt to visit a
restricted site (this will vary on the admin's rules.)
-Add a "." (period) after the blocked URL.
-Access is granted.
-The web site/activity is logged by surfCONTROL, however
the "." bypasses the categorization. Within the logs, such
a site will show with a category of "None"

Solution:
-The vendor was notified of this hole on the 7th of
January, 2000. Subsequent notifications were sent regarding
the severity of this flaw.
-No patch is available to date.

References:
-Unknown. I have briefly searched to see if this is old
news, but discovered nothing.

History:
-surfCONTROL tech support was initially contacted with full
details on this hole and how to duplicate the behavior on
Jan 7, 2000.
-No information regarding a patch release or status was
ever volunteered until two follow-up e-mails were sent
regarding the severity of this flaw and the timely manner
to which it should be resolved.
-I have received an e-mail stating a tentative date of Jan
31, 2000, for the availability of a downloadable patch from
the website. Still nothing has been released.
Received on Feb 03 2000
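
Added example, not part of the original post and not surfCONTROL's code: a Python sketch of the lookup mismatch described above, where an exact-string category lookup treats the fully qualified form of a hostname (trailing ".") as an uncategorised site, next to a lookup that canonicalises the host first and a log audit for entries recorded as "None". The database entries, hostnames, function names and log rows are all constructed for illustration.

```python
# Constructed category database and rule set (hypothetical, not vendor data).
CATEGORY_DB = {"adult.example": "Adult", "casino.example": "Gambling"}
BLOCKED = {"Adult"}


def naive_category(host):
    """Exact-string lookup: 'adult.example.' is not a key, so it is 'None'."""
    return CATEGORY_DB.get(host, "None")


def canonical_host(host):
    """Reduce a requested host to the form the database is keyed on."""
    host = host.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():      # drop an explicit :port
        host = name
    # A trailing dot only marks the DNS root label; the name is the same site.
    return host.rstrip(".")


def hardened_category(host):
    """Canonicalise first, then look up the category."""
    return CATEGORY_DB.get(canonical_host(host), "None")


def is_blocked(host, lookup):
    """Apply the 'no access to blocked categories' rule with a given lookup."""
    return lookup(host) in BLOCKED


def audit_log(rows):
    """Find logged (host, category) rows whose 'None' hides a categorised site."""
    return [(h, hardened_category(h)) for h, c in rows
            if c == "None" and hardened_category(h) != "None"]


# Constructed log rows in (requested host, logged category) form.
SAMPLE_LOG = [
    ("adult.example", "Adult"),
    ("adult.example.", "None"),
    ("news.example", "None"),
]

if __name__ == "__main__":
    for h in ("adult.example", "adult.example.", "ADULT.Example.:80"):
        print(h, is_blocked(h, naive_category), is_blocked(h, hardened_category))
    print(audit_log(SAMPLE_LOG))
```

Running audit_log over existing filter logs shows which "None" entries correspond to sites the category rules should have matched.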
