[NEWS] NETGEAR RP114 URL Filter Failure When URL Too Long

From: SecuriTeam (support_at_securiteam.com)
Date: 05/25/04

    To: list@securiteam.com
    Date: 25 May 2004 14:05:53 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      NETGEAR RP114 URL Filter Failure When URL Too Long
    ------------------------------------------------------------------------

    SUMMARY

    NETGEAR (http://www.netgear.com/) "has some small router and firewalling
    devices for home users and small companies (SOHO). Most of these solutions
    are able to do a simple keyword based URL filtering".

    When the NETGEAR router filters an overly long URL, the filter fails and
    any access restrictions are lifted, nullifying the effect of the filters
    imposed by the administrator.

    DETAILS

    Vulnerable Systems:
     * Netgear RP114

    When a URL filter is in place and the rule is triggered, the person
    attempting to view the URL receives an HTML page saying, "Block by
    NETGREAR". However, if the URL used to access the site is longer than 220
    bytes, the rule is not triggered and the request is silently approved.

    For example, a URL such as the following is possible (one URL, shown
    wrapped across several lines):
    http://www.scip.ch/?%20%20%20%20%20%20%20%20%20%20%20%20%20
    %20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20
    %20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20
    %20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20

    An attacker may be able to evade the URL black list and get access to
    disallowed resources.

    ADDITIONAL INFORMATION

    The information has been provided by Marc Ruef <marc.ruef@computec.ch>.
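
The fail-open behaviour described under DETAILS, modelled as an added example in C (not part of the original advisory and not NETGEAR's code). The advisory does not describe the device's implementation, so the length check is an assumed cause, and the keyword list and function names are hypothetical; the hardened variant denies any URL it cannot inspect.

```c
#include <stdio.h>
#include <string.h>

#define FILTER_MAX_URL 220   /* length threshold reported in the advisory */
enum verdict { ALLOW = 0, BLOCK = 1 };

/* Constructed sample keyword list (assumption; not from the advisory). */
static const char *const keywords[] = { "scip", "blocked-example" };

static int has_keyword(const char *url) {
    for (size_t i = 0; i < sizeof keywords / sizeof keywords[0]; i++)
        if (strstr(url, keywords[i]) != NULL)
            return 1;
    return 0;
}

/* Hypothetical model of the reported behaviour: a URL over the limit is
 * never inspected and the request is approved (fail open). */
enum verdict filter_fail_open(const char *url) {
    if (strlen(url) > FILTER_MAX_URL)
        return ALLOW;
    return has_keyword(url) ? BLOCK : ALLOW;
}

/* Hardened form: a URL the filter cannot inspect is denied (fail closed). */
enum verdict filter_fail_closed(const char *url) {
    if (strlen(url) > FILTER_MAX_URL)
        return BLOCK;
    return has_keyword(url) ? BLOCK : ALLOW;
}

/* Regression input: pad base with "%20" until it exceeds min_len bytes.
 * Returns the resulting length, or 0 if base does not fit in out. */
size_t make_padded_url(char *out, size_t cap, const char *base, size_t min_len) {
    size_t n = strlen(base);
    if (n + 1 > cap) return 0;
    memcpy(out, base, n + 1);
    for (; n <= min_len && n + 4 <= cap; n += 3)
        memcpy(out + n, "%20", 4);          /* copies "%20" plus the NUL */
    return n;
}

int main(void) {
    char url[512];
    size_t n = make_padded_url(url, sizeof url, "http://www.scip.ch/?", FILTER_MAX_URL);
    printf("%zu bytes: model=%d hardened=%d\n", n,
           filter_fail_open(url), filter_fail_closed(url));
    return 0;
}
```

The same padded input serves as a regression test for any keyword filter: the verdict for an over-length URL must be BLOCK, never ALLOW.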


