Firewall Wizards mailing list archives
Re: Buffer Overruns
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Fri, 17 Dec 1999 16:06:52 -0500
On Fri, Dec 17, 1999 at 06:16:32AM -0500, Michael Kelly wrote:
I really feel silly asking this, but; Can these buffer overrun bugs penetrate firewalls? I'm trying to convince the boss to ditch IE in favor of Netscape. (which is only slightly better)
Yes, unless it is a proxied firewall that specifically looks for and excludes them. I believe some of the code that "breaks" complex HTTP in old FWTK was there to protect browsers in just such cases. Of course, because it "breaks" some code, the users don't want that protection ... -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- Buffer Overruns Michael Kelly (Dec 17)
- Re: Buffer Overruns Joseph S D Yao (Dec 18)
- Re: Buffer Overruns Marcus J. Ranum (Dec 18)
- Re: Buffer Overruns Crispin Cowan (Dec 18)
- Re: Buffer Overruns Michael Kelly (Dec 20)
- Re: Buffer Overruns Matt Curtin (Dec 18)
- Re: Buffer Overruns Frederick M Avolio (Dec 20)
- RE: Buffer Overruns Michael D. Hunter-Linville (Dec 21)
- Re: Buffer Overruns Saravana Ram (Dec 24)
- Re: Buffer Overruns Frederick M Avolio (Dec 20)
- <Possible follow-ups>
- Re: Buffer Overruns Ryan Russell (Dec 18)
- Re: Buffer Overruns Steven M. Bellovin (Dec 18)
- Re: Buffer Overruns Vin McLellan (Dec 20)