- Jul 22, 2014
- 2,525
This gets interesting when you find your way into a mail server, says dev who found it
Stop us if you've heard this one: Java and Python have a bug you can exploit to cross firewalls. Since neither are yet patched, it might be a good day to nag your developers for a bit.
The Java vulnerability means protocol injection through its FTP implementation can fool a firewall into allowing TCP connections from the Internet to hosts on the inside.
That's explained in rather more detail in two documents: this, by Alexander Klink, and this, by Blindspot Security's Timothy Morgan.
Klink's discovery was that Java's XML eXternal Entity (XEE) mishandles FTP connections, because it doesn't syntax-check the username Java passes to a server.
Specifically, cr and lf should be rejected but aren't, allowing non-FTP commands to be injected into a connection request. Klink's demonstration showed how to send an SMTP e-mail in an FTP connection attempt (even though the FTP connection failed).
more in the link above
Stop us if you've heard this one: Java and Python have a bug you can exploit to cross firewalls. Since neither are yet patched, it might be a good day to nag your developers for a bit.
The Java vulnerability means protocol injection through its FTP implementation can fool a firewall into allowing TCP connections from the Internet to hosts on the inside.
That's explained in rather more detail in two documents: this, by Alexander Klink, and this, by Blindspot Security's Timothy Morgan.
Klink's discovery was that Java's XML eXternal Entity (XEE) mishandles FTP connections, because it doesn't syntax-check the username Java passes to a server.
Specifically, cr and lf should be rejected but aren't, allowing non-FTP commands to be injected into a connection request. Klink's demonstration showed how to send an SMTP e-mail in an FTP connection attempt (even though the FTP connection failed).
more in the link above
