RealTime IT News

Traffic-Scanning Flaw Hits 90+ Vendors

It's not every day that US-CERT warns of a flaw that is potentially so widespread that it could affect more than 90 vendors covering a huge swath of the IT industry.

US-CERT's HTTP content scanning systems full-width/half-width Unicode encoding bypass flaw could potentially be one of the most widespread networking security flaws discovered in years. If exploited, a malicious user could use the bypass to attack a vulnerable environment.

According to US-CERT, an attacker could send a malicious HTTP packet to the vulnerable content scanning system (part of an IPS/IDS or firewall application), which would take advantage of a flaw in how the systems handle certain types of full-width and half-width Unicode characters . Unicode has recently become a standard approach for handling internationalization by being able to represent different international language character sets.

Though the flaw could lead to an attack, it isn't necessarily a direct attack vector.

"This isn't an exploit itself, but allows exploits that would normally be detected (or blocked) to get through your IDS/IPS undetected," John Bambenek of the Internet Storm Center at SANS, wrote in a blog posting.

Cisco has confirmed that its Cisco Intrusion Prevention System and Cisco IOS with Firewall/IPS Feature Set products are vulnerable to the flaw. Cisco notes in its advisory that it is not aware of any malicious use of the vulnerability.

Though Cisco was among the first vendor to release a security alert for the flaw, there is a very long list of vendors that remain potentially vulnerable.

Among those US-CERT lists include: 3com, Alcatel, Avaya, D-Link Systems, Debian GNU/Linux, EMC, Fedora Project, Gentoo Linux, Hitachi, IBM, Intel, Linksys (a division of Cisco), Lucent, McAfee, Microsoft, Nokia, Nortel, Novell, Red Hat, Sony, Sun and Symantec.

It is unclear as to how the vendors plan to fix the potential flaw. 3Com said in its advisory on the flaw that it has already updated its software to address the issue.