-=PCTechTalk=- Security Bug in Norton's AV

Posted on another list I belong to...............

See Below.

  Regards from the
"Keyboard Cowboy",

   Master NetLord
         ,,,,,,,,
         Ô¿Ô¬
   Cincinnati, Ohio
Scottsdale, Arizona
«:»¤«:»¤¤¤«:»¤«:»
Tuesday
07/30/2002
9:32:44 AM
«:»¤«:»¤¤¤«:»¤«:»

People are always blaming their circumstances for what they are. I
don't believe in circumstances. The people who get on in this world
are the people who get up and look for the circumstances they want,
and, if they can't find them, make them.

-- George Bernard Shaw

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
To: BugTraq
Subject: One more way to bypass NAV
Date: Mar 22 2002 10:24AM
Author: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Message-ID: <5087600242.20020322132442@xxxxxxxxxxxxxxxx>
Dear BUGTRAQ@xxxxxxxxxxxxxxxxx,

I've updated "Bypassing content filtering software" whitepaper 
http://www.security.nnov.ru/advisories/content.asp to include new way to bypass 
content 
filtering software. It confirmed to work with NAV and not to work with McAffee 
and KAV 
(AVP).

Symantec was contected via support@xxxxxxxxxxxx and symsecurity@xxxxxxxxxxxx 
and didn't 
reply.

13.Case sensitivity of Content-Type and Content-Disposition

Most MUAs ignore case of Content-Type and Content-Disposition headres while 
content 
filtering software may behave in different way. It makes it possible to bypass 
content-
filtering software by using header like

CONTENT-type: text/plain;
NAme=\"eicar.com\"

P.S. thanks to everyone on vuln-dev who participated in testing.

--
http://www.security.nnov.ru
/\_/ { , . } |+--oQQo->{ ^ }<-----+ | ZARAZA U 3APA3A }
+-------------o66o--+ /
|/
You know my name - look up my number (The Beatles)


To unsub or change your email settings:
http://www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
http://www.freelists.org/archives/pctechtalk/

Other related posts: