Re: Patch for InterScan VirusWall for Unix now available

[unicorn () BLACKHATS ORG (The Unicorn)]

On Thu, Feb 25, 1999 at 12:28:46PM -0800, Bob Li wrote:
> We have been recently notified about  a potential security hole in our
> InterScan  Web  VirusWall  for  Solaris  product  via  the  "BlackHats
> Security Advisory".  The potential problem described  relates to being
> able to download binaries and virus infected files by using HTTP proxy
> "keep-alive" connections.
>
> We have looked into the description of the problem and have identified
> that  there  was  a  problem  with  the  software.  As  a  result,  we
> are  issuing  a patch  which  can  be  obtained  from Trend  Micro  at
> http:://www.antivirus.com to resolve the problem.

We have  received an  early release  of this  fix and  tested it  in our
configuration after which we were unable to use our exploit as described
in  our  earlier advisory.  The  fix  disables HTTP  proxy  "keep-alive"
messages, thus ensuring  that only the data of the  first GET command in
the message is returned.

> This issue applies to InterScan for  Solaris and HP-UX. The Windows NT
> version of InterScan does not have this problem.
>
> Bob Li
> Product Manager
> Trend Micro, Inc.
> E-Mail: bob_li () trendmicro com
> Phone: 408-863-6341
---end quoted text---

Ciao,
Unicorn.
--
======= _ __,;;;/ TimeWaster ================================================
     ,;( )_, )~\| A Truly Wise Man Never Plays
    ;; //  `--;     Leapfrog With A Unicorn...
==='= ;\ = | ==== Youth is Not a Time in Life, It is a State of Mind! =======