interMute (www.intermute.com) is a junk filter/privacy enhancer for web browsers. It runs as either a privileged Java applet within your browser, or as a standalone Java application. interMute operates as a proxy server listening on port 4444, and is meant to operate dedicated to a single user. It correctly rejects any service requests from IP addresses not on the local host. However, it has no mechanism to determine whether requests coming from the local host originated from the browsing user, or some other user. The interMute proxy has a "home page" from which the user can configure it and view filtering statistics for the current session. A local user on a UNIX host can connect to another user's interMute proxy, giving him full control over interMute. Thus various attacks and intrusions are possible: 1) The sites which were acted upon by interMute are listed in the "statistics" area, thus revealing part of the user's browsing history; 2) interMute can be configured to chain to another proxy, thus allowing all browsing activity to be redirected and logged without the user's knowledge; 3) interMute can be configured to load a home page which could contain hostile Java and/or JavaScript code; 4) Various denial of service attacks are possible by reconfiguring interMute's filters. I was unable to trick it into handling "file:" URLs or retrieving files off the disk, except for files in the interMute home directory. Reported to the vendor on July 9; no reply received. -- John W. Temples, III
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:40 PDT