CyberSitter Traffic Filter Issue

1998-01-20T00:00:00
ID OSVDB:2931
Type osvdb
Reporter OSVDB
Modified 1998-01-20T00:00:00

Description

Vulnerability Description

Legacy versions of CyberSitter contain a flaw that causes the system to inadvertently filter harmless and legitimate traffic. Because the program installs software that modifies the TCP stack, all traffic to and from the box passes through the CyberSitter filter. The checks performed to identify bad traffic are poorly written, causing the filter to flag legitimate traffic as bad.

Technical Description

The paranoid filtering will take the following two lines of C code:

    #define one 1 /* foo menu */
    #define two 2 /* bar baz */

and edit both lines due to the word "nude" (menu */ #de) appearing in it.
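
The false positive described above can be reproduced with a short script. This is an added example, not CyberSitter's code or part of the original advisory; it assumes the filter discards every non-letter character before searching for listed words, which is consistent with the "menu */ #de" match but is not confirmed by the advisory. The function names are hypothetical.

```python
import re

BLOCKLIST = ["nude"]  # the only word the advisory names

# The two lines from the advisory, embedded as constructed sample input
SAMPLE = "#define one 1 /* foo menu */\n#define two 2 /* bar baz */\n"


def loose_hits(text, words=BLOCKLIST):
    """Assumed flawed check: ignore every non-letter, then substring-match.

    Returns (word, start, end) offsets into the original text."""
    # Remember where each letter came from so a hit can be mapped back.
    letters = [(i, c.lower()) for i, c in enumerate(text)
               if c.isascii() and c.isalpha()]
    squeezed = "".join(c for _, c in letters)
    hits = []
    for word in words:
        pos = squeezed.find(word)
        while pos != -1:
            start = letters[pos][0]
            end = letters[pos + len(word) - 1][0] + 1
            hits.append((word, start, end))
            pos = squeezed.find(word, pos + 1)
    return hits


def lines_touched(text, hits):
    """1-based numbers of the lines each hit overlaps."""
    touched = set()
    for _, start, end in hits:
        first = text.count("\n", 0, start) + 1
        last = text.count("\n", 0, end - 1) + 1
        touched.update(range(first, last + 1))
    return sorted(touched)


def token_hits(text, words=BLOCKLIST):
    """Stricter check: a listed word must be a whole alphabetic token."""
    wanted = {w.lower() for w in words}
    return [m.span() for m in re.finditer(r"[A-Za-z]+", text)
            if m.group().lower() in wanted]


if __name__ == "__main__":
    hits = loose_hits(SAMPLE)
    for word, start, end in hits:
        print(f"{word!r} matched across {SAMPLE[start:end]!r}")
    print("lines a loose filter would edit:", lines_touched(SAMPLE, hits))
    print("whole-token hits:", token_hits(SAMPLE))
```

Whole-token matching removes this false positive, at the cost of missing listed words that are deliberately split with punctuation.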

Solution Description

Upgrade to version "2003" or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Generic Informational URL: http://ricardo.ecn.wfu.edu/~plug/mail_archive/9908/0533.html