SecurityTracker.com
Category:  Application (Generic)  >  Internet Junkbuster
Vendors:  Junkbusters Corp.
Junkbuster Proxy Default Configuration on Red Hat Linux Lets Remote Users Send SPAM Via the Proxy
SecurityTracker Alert ID:  1005851
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Dec 23 2002
Impact:  Host/resource access via network
Fix Available:  Yes  
Version(s): 2.0-1, as distributed with Red Hat
Description:  A default configuration vulnerability was reported in junkbuster-2.0-1 as installed on Red Hat 6.2. A remote user can access the proxy to send SPAM e-mail.

It is reported that the "complete install" on Red Hat 6.2 installs junkbuster-2.0-1 with no access control lists and no logging, and starts the application on system boot. A remote user can connect to the proxy and then use an HTTP CONNECT request to send mail to other servers via the proxy.

Impact:  A remote user can connect to the proxy and then connect to arbitrary servers. This can be used to send SPAM e-mail via the proxy.
Solution:  According to the report, default installation of junkbuster 2.0-2 is configured to run the proxy on the localhost interface, preventing remote users from connecting to the proxy.
Vendor URL:  internet.junkbuster.com/ijb.html
Cause:  Access control error
Underlying OS:  Linux (Red Hat)
Reported By:  Andrew Daviel <andrew@andrew.triumf.ca>
Message History:   None.
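
The three conditions named in the description (a listener reachable from the network, no ACL, no logging) can be checked directly against a proxy configuration file. The following is an added example, not code from the advisory or from Junkbusters Corp. It assumes the option names `listen-address`, `aclfile` and `logfile` and that an empty host part means "all interfaces"; the sample configs and file paths are constructed.

```python
import ipaddress

# Constructed sample configs (not from the advisory); paths are placeholders.
RISKY = """\
# proxy reachable on every interface, no ACL, no log
listen-address :8000
"""
HARDENED = """\
listen-address localhost:8000
aclfile /etc/junkbuster/aclfile
logfile /var/log/junkbuster/logfile
"""

def parse_config(text):
    """Return {option: value} from 'option value' lines, skipping # comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def is_loopback(listen):
    """True only when the host part of 'host:port' is a loopback address."""
    host = listen.rsplit(":", 1)[0] if ":" in listen else listen
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (":8000"), missing option, or other hostname

def audit(text):
    """List which of the advisory's three conditions hold for this config."""
    opts = parse_config(text)
    findings = []
    if not is_loopback(opts.get("listen-address", "")):
        findings.append("listener-not-loopback")  # remote clients can reach the proxy
    if not opts.get("aclfile"):
        findings.append("no-acl")                 # nothing restricts who may connect
    if not opts.get("logfile"):
        findings.append("no-logging")             # relayed sessions leave no record
    return findings

if __name__ == "__main__":
    for name, cfg in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

A missing `listen-address` is reported as not loopback because the effective default differs between the 2.0-1 and 2.0-2 packages described here.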


 Source Message Contents

Date:  Mon, 23 Dec 2002 02:11:41 -0800 (PST)
From:  Andrew Daviel <andrew@andrew.triumf.ca>
Subject:  junkbuster 2.0-1 proxy relaying spam

 


I just found a "junkbuster" proxy on a RedHat 6.2 machine
being used to relay spam - a bit ironic, considering the
intention of the program.

This is junkbuster-2.0-1 installed as part of a 
"complete install" on RedHat 6.2.
It seems that the default install sets no ACL, no logging,
and starts the program on boot.

This is not the buffer overflow reported in 1998. It is
a simple use of the HTTP CONNECT method similar to the Korean
school Apache proxies.

The default for junkbuster 2.0-2 is to listen on localhost only,
so modern installs should be safe.

-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security@triumf.ca



 



Copyright 2002, SecurityGlobal.net LLC