Buffer Overflow Vulnerability attempt detected (CAN-2004-200) - Firewalls


  1. Buffer Overflow Vulnerability attempt detected (CAN-2004-200)

    Hello, Does anyone know how to test for this? Someone said that they
    get that error when they visit my website. I think it's got to be
    related to the pull down menu script but I haven't seen anything like
    this before.


  2. Re: Buffer Overflow Vulnerability attempt detected (CAN-2004-200)

    On 20 Feb 2007 05:29:06 -0800, "joe" wrote:

    >Hello, Does anyone know how to test for this? Someone said that they
    >get that error when they visit my website. I think it's got to be
    >related to the pull down menu script but I haven't seen anything like
    >this before.


    Since this is an old vulnerability that requires the use of a specially
    crafted JPEG image, I would start by determining which JPEG image is
    causing the problem. If a machine that has IPS protection attempts to open
    a page on your web site, but does not receive some of the images, then you
    should replace those images with something else and see if the problem goes
    away. There are other ways to determine which JPEG is causing the problem,
    but you will need to know how the CAN-2004-200 vulnerability works in order
    to look for the pattern within the JPEG file. You could try reading this
    paper about this vulnerability (and vulnerabilities associated with JPEG
    files) http://www.infosecwriters.com/text_r...s/pdf/JPEG.pdf

  3. Re: Buffer Overflow Vulnerability attempt detected (CAN-2004-200)

    On 20 Feb 2007, in the Usenet newsgroup comp.security.firewalls, in article
    <1171978146.366798.55130@t69g2000cwt.googlegroups.com>, joe wrote:

    >Hello, Does anyone know how to test for this? Someone said that they
    >get that error when they visit my website. I think it's got to be
    >related to the pull down menu script but I haven't seen anything like
    >this before.


    Web Results 1 - 10 of about 31 for CAN-2004-200. (0.31 seconds)

    [PDF] JPEG Vulnerability: A day in the life of the JPEG Vulnerability
    File Format: PDF/Adobe Acrobat - View as HTML
    Your browser may not have a PDF reader available. Google recommends
    visiting our text version of this document.
    Buffer Overrun in JPEG Processing. CVE. CAN-2004-200.
    http://www.cve.mitre.org/cgi-bin/cve...=CAN-2004-0200. BUGTRAQ.
    20040914 ...
    http://www.infosecwriters.com/text_r...s/pdf/JPEG.pdf - Similar pages

    You might also ask "Someone" what kind of web browser they're trying to
    use, and what kind (if any) of "firewall".

    Old guy

  4. Re: Buffer Overflow Vulnerability attempt detected (CAN-2004-200)

    On Feb 20, 12:07 pm, Default User wrote:
    > On 20 Feb 2007 05:29:06 -0800, "joe" wrote:
    >
    > >Hello, Does anyone know how to test for this? Someone said that they
    > >get that error when they visit my website. I think it's got to be
    > >related to the pull down menu script but I haven't seen anything like
    > >this before.

    >
    > Since this is an old vulnerability that requires the use of a specially
    > crafted JPEG image, I would start by determining which JPEG image is
    > causing the problem. If a machine that has IPS protection attempts to open
    > a page on your web site, but does not receive some of the images, then you
    > should replace those images with something else and see if the problem goes
    > away. There are other ways to determine which JPEG is causing the problem,
    > but you will need to know how the CAN-2004-200 vulnerability works in order
    > to look for the pattern within the JPEG file. You could try reading this
    > paper about this vulnerability (and vulnerabilities associated with JPEG
    > files) http://www.infosecwriters.com/text_r...s/pdf/JPEG.pdf


    According to:
    http://marc.theaimsgroup.com/?l=bugt...4346729948&w=2

    Detection
    ------------------------

    Detection could be accomplished by examining the JPEG image for the
    following byte sequence:

    0xFF 0xFE 0x00 0x00 or 0xFF 0xFE 0x00 0x01
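
Added example, not part of the thread or of the quoted advisory: a checker for the byte sequences above, read as a JPEG COM (comment) marker, FF FE, followed by a two-byte length field of 0 or 1, which is below the legal minimum of 2 because the field counts its own two bytes. It compares a naive byte search with a walk over the marker segments, which ignores the same bytes when they only occur inside another segment's payload. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Byte sequences quoted in the post: COM marker (FF FE) + length field 0 or 1.
SIGNATURES = (b"\xff\xfe\x00\x00", b"\xff\xfe\x00\x01")
SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE

def raw_hits(data: bytes) -> list[int]:
    """Naive search: every offset where a quoted sequence occurs."""
    return sorted(i for sig in SIGNATURES
                  for i in range(len(data)) if data.startswith(sig, i))

def bad_comment_segments(data: bytes) -> list[int]:
    """Walk header segments (up to the first scan) and return offsets of
    COM markers whose length field is below 2, the minimum legal value."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    hits, pos = [], 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker in (EOI, SOS):                # stop: image data follows
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # markers with no length
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:                          # field counts its own 2 bytes
            if marker == COM:
                hits.append(pos)
            break                               # cannot resync after a bad length
        pos += 2 + length
    return hits

def seg(marker: int, payload: bytes) -> bytes:
    """Build a well-formed segment (helper for the constructed samples)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample files, not real images.
JFIF = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
CLEAN = b"\xff\xd8" + JFIF + seg(COM, b"hello") + b"\xff\xd9"
DECOY = b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00\xff\xfe\x00\x01pad") + b"\xff\xd9"
MALFORMED = b"\xff\xd8" + JFIF + b"\xff\xfe\x00\x00" + b"AAAA" + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("decoy", DECOY), ("malformed", MALFORMED)):
        print(name, "raw:", raw_hits(blob), "parsed:", bad_comment_segments(blob))
```

The walk stops at the first start-of-scan marker, so it only covers comment segments in the file header.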

