Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » 'Malicious-URL' Feature may be Circumvented Using IP Fragmentation

'Malicious-URL' Feature may be Circumvented Using IP Fragmentation

by Nikola Strahija on November 28th, 2002 Affected Products: All firewall/VPN appliances and systems


Affected Software Releases: ScreenOS 2.7.1, 2.8, 3.0, 3.1, 4.0

Max Risk: Low

Summary:

In response to the Code-Red events in the winter of 2001/2002 NetScreen added a feature to it's firewalls that can be used to block access to given URLs on external web servers. This feature was designed to assist network administrators quickly restrict access to web content until a more thorough solution could be implemented.

A vulnerability has been discovered in the implementation of this 'Malicious-URL' blocking feature that could allow an http client to bypass the this screening and view a protected URL. By carefully fragmenting the URL in the http header into many IP fragments, the feature could be circumvented.

Recommended Actions:

Any or all of

(1) Upgrade to ScreenOS 4.0.1 or later

(2) Minimize the time that Malicious-URLs are defined on the firewall

(3) Install all vendor patches on at-risk servers when released

How to Get ScreenOS:

If you have registered your product with NetScreen and have a valid service contract, you can simply download the software from:
http://www.netscreen.com/support/updates.html

You will be prompted for your User ID and Password. Enter the whole or part of your company name as your User ID and enter your registered NetScreen device serial number as the password.

If you have not yet registered your product with NetScreen, you will need to contact NetScreen Technical Support for special instructions on how to obtain the fixed software. NetScreen Technical Support is available 24 hours a day, 365 days a year. Contact information can be located at http://www.netscreen.com/support/technical_assistance.html

Please reference this Advisory title as evidence of your entitlement to the fixed software version.

NetScreen authorized Value Added Resellers have access to NetScreen software versions and may also be a channel through which to obtain the new release.



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »