Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: FireWall-1 FTP Server Vulnerability
From: chess () US IBM COM (chess () US IBM COM)
Date: Fri, 18 Feb 2000 16:22:19 -0500


a firewall has an icicle's chance in hell of adequately
mimicking a system it is supposed to protect if it does so purely on
the assumption that the code it is protecting works "correctly" by
the firewall developer's interpretation of "correct".

Or, for that matter, by the official protocol spec's notion of "correct".
And there, of course, is the rub!  There's always some obscure syntax that
as far as the firewall developer knows or the specs say has no interesting
semantics at all, but that in fact some client or intervening server in the
protected system interprets to mean "broadcast your password file to the
universe" or "interpret the following bytes as a Perl script" or "set fire
to the CPU".  This also makes it hard to block JavaScript in your proxy,
remove HTML markup from comments entered into your guestbook, or compose
secure SQL queries based partially on user input.  Kinda draws together a
bunch of themes we've seen here lately!  *8)

Solutions?  Maybe if all protocols for reading semantics from datastreams
were specified in terms of completely automatable formal descriptions, and
any manufacturer caught including semantics not described by the relevant
published formal spec was declared a pariah...  Not in this unverse, I
suspect!  But we can try to slog along in that direction.  Other solutions?

DC
http://www.research.ibm.com/people/c/chess/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]