
surfcontrolsmtp46.html

Posted Jul 20, 2003
Authored by Lee Bowyer | Site networkpenetration.com

SurfControl Filter for SMTP v4.6 filtering technology can be easily bypassed when more than 16 zip files are nested inside of a zip file. The filter only scans the first 15 files inside of a zip file, therefore allowing malicious files through.

tags | advisory
SHA-256 | 7f7a7c8a3fdfd9d45c5ba94f09507688d327706df17639120f7454885acb3b89

<html>
<title> Network Penetration .com </title>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Description" CONTENT="Network Penetration - security research and tools.">
<META NAME="Keywords" CONTENT="network penetration it security computer hacking hack whitehat blackhat">
</head>
<!-- written by Lee@networkpenetration.com -->
<body bgcolor=00369B link=A5EdEa vlink=A3EbE8 alink=A4ECE9></body>

<table border=0 CELLSPACING=7 CELLPADDING=7>

<TR>
<TD valign=top width=150>

<table border=0 CELLSPACING=3 CELLPADDING=3>
<tr>
<TD valign=top width=150 align=center>

<font style="COLOR: #A4ECE9; FONT: 7pt verdana"><b>
(c)copyright 2003 networkpenetration.com
</b></font>

</td>
</table>

</td>

<TD valign=top>

<table border=0 CELLSPACING=0 CELLPADDING=0>
<tr>
<TD align=center>
<img src="images/netpen.jpg" alt="Network Penetration">
</td>
<tr>
<td>
<img src="images/space.gif" alt="">

</td>
<tr>
<TD align=left>

<!-- contentcontentcontentcontentcontentcontentcontentcontentcontent -->
<!-- insert content here --><font style="COLOR: #A4ECE9; FONT: 7pt verdana"><b>

SurfControl Filter for SMTP v4.6 bypass via nested zips<BR>
::::::::::::::::::::::::::::::::::::::::::::::::::::::-<BR>
Discovered By Lee Bowyer Lee@networkpenetration.com (5/Jul/03)<BR>
<BR>
<BR>
SurfControl Filter for SMTP allows SurfControl's filtering technology to be bolted on to your existing SMTP server.<BR>
<BR>
The rules engine contains a flaw whereby if an attachment is a .zip and it contains more than 15 zip files, the 16th zip file will not be scanned by the filter.<BR>
<BR>
This probably works with other archive/file types and possibly on other SurfControl products.<BR>
<BR>
Bypass<BR>
::::::<BR>
<BR>
In order to bypass the filter build a .zip as below:<BR>
<BR><pre><b>
attach.zip - dummy_folder - a.zip - junk.txt<BR>
                          - b.zip - junk.txt<BR>
                          - c.zip - junk.txt<BR>
                          - d.zip - junk.txt<BR>
                          - e.zip - junk.txt<BR>
                          - f.zip - junk.txt<BR>
                          - g.zip - junk.txt<BR>
                          - h.zip - junk.txt<BR>
                          - i.zip - junk.txt<BR>
                          - j.zip - junk.txt<BR>
                          - k.zip - junk.txt<BR>
                          - m.zip - junk.txt<BR>
                          - n.zip - junk.txt<BR>
                          - o.zip - junk.txt<BR>
                          - p.zip - junk.txt<BR>
                          - z.zip - sneaky.exe << Passes thru!<BR>
<BR></pre>
(The filter sorts the files in attach.zip alphabetically so we name our files a,b,c,etc to be sure that z.zip is last)<BR>
<BR>
<BR>
Recommendation<BR>
::::::::::::::<BR>
<BR>
Tricky. Realistically you can't open all .zips inside .zips: it is very easy to make a very small zip containing tens of thousands of zips, each of which contains many more, and so on. If you tried to open such a file you would probably DoS the filter anyhow.<BR>
<BR>
SurfControl have chosen a threshold of 15 zips, which, while a little low, is understandable. Perhaps some sort of 'excessive archiving' filter is the answer.<BR>
<BR>
<BR>
Network Penetration<BR>
www.networkpenetration.com<BR>
Copyright (c) 2003 Lee Bowyer<BR>
Lee@networkpenetration.com<BR>

<!-- end of content -->
<!-- contentcontentcontentcontentcontentcontentcontentcontentcontent -->

</b>
</font>
<br><br><br><br><br>
</td>

</table>
<!-- written by Lee@networkpenetration.com -->
</html>
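The "excessive archiving" filter suggested in the Recommendation can be sketched as a scanner that treats an exceeded limit as a verdict instead of skipping the remaining members. This is an added example, not SurfControl's code or the advisory author's: the extension list, depth and size limits, function names and the constructed sample archive are assumptions, and `fail_closed=False` only models the skip behaviour the advisory describes.

```python
import io
import zipfile

BLOCKED_EXT = (".exe", ".scr", ".pif")  # assumed policy for this example
MAX_NESTED = 15               # nested-zip threshold reported in the advisory
MAX_DEPTH = 4                 # assumed limit
MAX_BYTES = 50 * 1024 * 1024  # assumed cap on declared uncompressed size


def scan(data, fail_closed=True, depth=1, state=None):
    """Return 'block', 'quarantine' or 'pass' for one zip attachment.
    fail_closed=False models the skip-past-the-threshold behaviour described."""
    state = {"nested": 0, "bytes": 0} if state is None else state
    over_limit = "quarantine" if fail_closed else "pass"
    if depth > MAX_DEPTH:
        return over_limit
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "quarantine"
    for info in sorted(zf.infolist(), key=lambda i: i.filename.lower()):
        name = info.filename.lower()
        state["bytes"] += info.file_size
        if state["bytes"] > MAX_BYTES:
            return over_limit
        if name.endswith(BLOCKED_EXT):
            return "block"
        if name.endswith(".zip"):
            state["nested"] += 1
            if state["nested"] > MAX_NESTED:
                if fail_closed:
                    return "quarantine"  # excessive archiving is itself a verdict
                continue  # fail-open: this member is never inspected
            verdict = scan(zf.read(info), fail_closed, depth + 1, state)
            if verdict != "pass":
                return verdict
    return "pass"


def build_sample(n_nested):
    """Constructed input: n_nested inner zips; only the last holds a .exe name."""
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        for i in range(n_nested):
            inner = io.BytesIO()
            with zipfile.ZipFile(inner, "w") as z:
                last = i == n_nested - 1
                z.writestr("sneaky.exe" if last else "junk.txt", b"placeholder")
            zf.writestr("dummy_folder/%02d.zip" % i, inner.getvalue())
    return outer.getvalue()
```

With the limits counted across the whole attachment, a message that exceeds them is held for review instead of being delivered with unscanned members.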