[
Lists Home |
Date Index |
Thread Index
]
Bullard, Claude L (Len) wrote,
> Yep. However, since packets are sniffable?
Umm ... you've not been paying attention, have you ;-)
Other than the stuff David mentioned, the external entity attacks I
disussed here,
http://lists.xml.org/archives/xml-dev/200206/msg00240.html
http://lists.xml.org/archives/xml-dev/200206/msg00247.html
are directly applicable if RDDL documents are retrieved recklessly.
Elliotte RH's XInclude attack is similar,
http://lists.xml.org/archives/xml-dev/200210/msg01461.html
and he came up with another entity variant here,
http://lists.xml.org/archives/xml-dev/200211/msg00027.html
And there was also the BugTraq advisory reporting poor choices of
default retreival behaviour for external entities here by several
widely deployed parsers,
http://online.securityfocus.com/archive/1/297714/2002-10-27/2002-11-02/0
I wouldn't be at all surprised if we see another one some time in the
future reporting poor choices of retrieval behaviour for RDDL
documents.
Cheers,
Miles
|