junkbuster 2.0-1 proxy relaying spam

From: Andrew Daviel (andrewat_private)
Date: Mon Dec 23 2002 - 02:11:41 PST


    I just found a "junkbuster" proxy on a RedHat 6.2 machine
    being used to relay spam - a bit ironic, considering the
    intention of the program.
    
    This is junkbuster-2.0-1 installed as part of a 
    "complete install" on RedHat 6.2.
    It seems that the default install sets no ACL, no logging,
    and starts the program on boot.
    
    This is not the buffer overflow reported in 1998. It is
    a simple use of the HTTP CONNECT method similar to the Korean
    school Apache proxies.
    
    The default for junkbuster 2.0-2 is to listen on localhost only,
    so modern installs should be safe.
    
    -- 
    Andrew Daviel, TRIUMF, Canada
    Tel. +1 (604) 222-7376
    securityat_private
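
A check for the three defaults the message names (no ACL, no logging, a listener that is not bound to localhost), as an added example that is not part of the original post or of the junkbuster package. It reads a junkbuster-style config using the `listen-address`, `aclfile` and `logfile` options; the sample configs and their paths are constructed, and treating an empty host part or a missing `listen-address` line as "exposed" is a conservative assumption.

```python
import ipaddress

# Constructed sample configs (not taken from the RedHat package).
OPEN_CONFIG = """\
# constructed: wildcard listener, no aclfile, no logfile
blockfile /etc/junkbuster/blocklist
listen-address :8000
"""
LOCAL_CONFIG = """\
listen-address localhost:8000
aclfile /etc/junkbuster/aclfile
logfile /var/log/junkbuster/logfile
"""

def parse_config(text):
    """Return {option: value} from 'option value' lines; '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def is_loopback(listen):
    """True only when the host part of 'host:port' is localhost or a loopback IP."""
    host = listen.rsplit(":", 1)[0] if ":" in listen else listen
    if host == "":
        return False  # assumption: empty host means every interface
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unresolved hostname: treat as exposed

def audit(text):
    """List the risky defaults present in a config, in a fixed order."""
    opts = parse_config(text)
    findings = []
    if not is_loopback(opts.get("listen-address", "")):
        findings.append("listener-not-loopback")
    if not opts.get("aclfile"):
        findings.append("no-acl")
    if not opts.get("logfile"):
        findings.append("no-logging")
    return findings
```
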
    


