7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS?
- From: Surya Batchu <suryak_batchu@xxxxxxxxx>
- Date: Wed, 14 Mar 2007 23:07:13 -0700 (PDT)
Hi,
Please see this advisory: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3051
This attack can be launched remotely by sending specially crafted data in archived file.
Which security solutions are expected to catch these kinds of attacks? It seems that NIPS/NIDS solution typically check for buffer overflow attacks at protocol level, but not at the file/archive level. If so, is it fair to assume that only security solutions running, on the client machine, catch these kjinds of attacks. Any insight is appreciated.
Thanks
Surya
____________________________________________________________________________________
It's here! Your new message!
Get new email alerts with the free Yahoo! Toolbar.
http://tools.search.yahoo.com/toolbar/features/mail/
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
- Follow-Ups:
- RE: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS?
- From: Oleg Kolesnikov x 133
- Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS?
- From: Michael Scheidell
- Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS?
- From: Michael Scheidell
- RE: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS?
- Prev by Date: Re: Fwd: Solaris 10 x86 HIDS
- Next by Date: Re: Bittorrent - utorrent
- Previous by thread: Fwd: Solaris 10 x86 HIDS
- Next by thread: Re: 7-ZIP ARJ Archive Processing stack overflow - Is there any role for Network IPS?
- Index(es):
