Please take our Survey
logo       
<prev   next>

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

Re: Core RuleSet say that protect buffer overflows, but where are this rule: msg#00119

apache.mod-security.user

Subject: Re: Core RuleSet say that protect buffer overflows, but where are this rules?

 

I agree that Buffer Overflow is not the Core Rule Set forte, as serious buffer overflow protection requires positive security. However it does contain two mechanisms that help prevent Buffer Overflows, both requiring user modifications

 

- Validating character sets (file #20). Due to international applications requirements the default for validating parameters is to accept any character accept null, but the remark suggests to limit this further to prevent binary based Buffer Overflow attacks. For headers the default is good.

 

- File #30 includes limits on different lengths. By default these lines are commented as to not break any application but you may want to uncomment the line.

 

~ Ofer

 

From: mod-security-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:mod-security-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Danett song
Sent: Tuesday, January 23, 2007 6:56 AM
To: mod-security-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [mod-security-users] Core RuleSet say that protect buffer overflows,but where are this rules?

 

Hi there,

I seen in modsecurity homepage that Core Rule Set protect against Buffer Overflows, as we can see in http://www.modsecurity.org/projects/rules/index.html

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • OS Command execution
  • Remote code inclusion
  • LDAP Injection
  • SSI Injection
  • Information leak
  • Buffer overflows
  • File disclosure

However I looked in Core Rule Set file from modsecurity 2.0 (http://www.modsecurity.org/download/modsecurity-core-rules_2.0-1.2.tar.gz) and I can't locate any rule that protect against overflows.

So I thinked that it should be builded internaly in modsecuruty, however I constructed a fast cgi application vulnerable to a overflow (via strcpy) and exploit it sucesful via web without modsecurity warn about it. :(

What happen with the Buffer Overflows checks?

OBS: If it's not avaible, anyone have any example how this kind can be avaible? Any external resource that provide rules to check Buffer overflows?

Thank you,

Cheers

 __________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV_______________________________________________
mod-security-users mailing list
mod-security-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/mod-security-users
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Mod_security performance, log in database and SSL., David Fletcher
Next by Date:  Help with exclusion, Verdon Vaillancourt
Previous by Thread:  Core RuleSet say that protect buffer overflows, but where are this rules?, Danett song
Next by Thread:  modsec working but failing with core rules, Edward Prendergast
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
hardware.arm.at...    cms.citadel.dev...    video.gstreamer...    java.facelets.u...    misc.basics.qna...    web.wiki.instik...    network.uip.use...    xdg.devel/2003-...    tex.bibtex.bibd...    finance.quotesp...    ietf.zeroconf/2...    redhat.blinux.g...    suse.db2/2003-0...    php.phpesp/2004...    uml.devel/2003-...    gnome.labyrinth...    qnx.openqnx.dev...    boot-loaders.gr...    db.dataperfect....    audio.audacity....    linux.uclinux.m...    editors.j.devel...    os.openbsd.tech...    kde.users.multi...   
Home | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Navigation