[Full-Disclosure] Correction to latest Colsaire advisories
Date: Mon Sep 13 2004 - 10:18:09 EDT
Just to keep correctness.
Colsaire could provide better service to it's customers by better
researching available information on researched topic.
Most of reported content filtering bypassing techniques are already
known and described in [1] with credentials believed to be valid.
MIME RFC2231 encoding issue - David F. Skoll
MIME RFC2047 encoding issue - different authors (different problems were
discovered, information from Colsaire advisory is not enough).
Content-Transfer-Encoding mechanism issue - different authors
MIME field multiple occurrence issue - 3APA3A
MIME separator issue - 3APA3A
MIME field whitespace issue - 3APA3A
MIME RFC822 comment issue (at least partially) - 3APA3A
There is also a _lot_ of different bypass techniques Colsaire failed to
discover.
[1] 3APA3A, Bypassing content filtering whitepaper
http://www.security.nnov.ru/advisories/content.asp
-- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles) +-------------o66o--+ / |/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.htmlReceived on Mon Sep 13 10:45:11 2004
This archive was generated by hypermail 2.1.8 : Mon Sep 13 2004 - 11:05:18 EDT
