BugTraq
junkbuster 2.0-1 proxy relaying spam Dec 23 2002 10:11AM
Andrew Daviel (andrew andrew triumf ca) (1 replies)
Re: junkbuster 2.0-1 proxy relaying spam VU#150227 Feb 11 2003 12:14AM
CERT(R) Coordination Center (cert cert org)
-----BEGIN PGP SIGNED MESSAGE-----

Hello Andrew,

Andrew Daviel <andrew (at) andrew.triumf (dot) ca> writes:
>I just found a "junkbuster" proxy on a RedHat 6.2 machine
>being used to relay spam - a bit ironic, considering the
>intention of the program.
>
>This is junkbuster-2.0-1 installed as part of a
>"complete install" on RedHat 6.2.
>It seems that the default install sets no ACL, no logging,
>and starts the program on boot.
>
>This is not the buffer overflow reported in 1998. It is
>a simple use of the HTTP CONNECT method similar to the Korean
>school Apache proxies.
>
>The default for junkbuster 2.0-2 is to listen on localhost only,
>so modern installs should be safe.

Thanks for the report. I've updated the CERT/CC Addendum:

<http://www.kb.cert.org/vuls/id/AAMN-58ZS6V>

Regards,

- Art

Art Manion -- CERT Coordination Center
<http://www.cert.org/> <cert (at) cert (dot) org> +1 412-268-7090
E0 1E DF F5 FC 76 00 32 77 8F 25 F7 B0 2E 2C 27


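Added example, not part of the original messages or of junkbuster itself: a small audit of a junkbuster-style config file for the three defaults named in the report above (no ACL, no logging, listener not restricted to localhost). The option names `listen-address`, `aclfile` and `logfile`, and the treatment of a missing or empty listen host as "all interfaces", are assumptions; both sample configs are constructed.

```python
import ipaddress

# Constructed sample configs (not taken from any real host).
EXPOSED = """\
blockfile /etc/junkbuster/blockfile
#aclfile /etc/junkbuster/aclfile
#logfile /var/log/junkbuster/logfile
listen-address :8000
"""
LOCAL_ONLY = """\
blockfile /etc/junkbuster/blockfile
aclfile /etc/junkbuster/aclfile
logfile /var/log/junkbuster/logfile
listen-address localhost:8000
"""

def parse_config(text):
    """Return {option: value} for the active (non-comment) lines."""
    options = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            options[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return options

def is_loopback(host):
    """True only when the listen host is clearly local to the machine."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty or unknown host: assume reachable from the network

def audit(text):
    """List which of the three risky defaults from the report are present."""
    opts = parse_config(text)
    findings = []
    # Assumption: no listen-address, or an empty host part, binds every interface.
    host = opts.get("listen-address", "").partition(":")[0]
    if not is_loopback(host):
        findings.append("listener not restricted to localhost")
    if not opts.get("aclfile"):
        findings.append("no aclfile: any client may use the proxy")
    if not opts.get("logfile"):
        findings.append("no logfile: relayed CONNECT requests leave no record")
    return findings
```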
Copyright 2010, SecurityFocus