Hello Andrew,
Andrew Daviel <andrew (at) andrew.triumf (dot) ca> writes:
>I just found a "junkbuster" proxy on a RedHat 6.2 machine
>being used to relay spam - a bit ironic, considering the
>intention of the program.
>
>This is junkbuster-2.0-1 installed as part of a
>"complete install" on RedHat 6.2.
>It seems that the default install sets no ACL, no logging,
>and starts the program on boot.
>
>This is not the buffer overflow reported in 1998. It is
>a simple use of the HTTP CONNECT method similar to the Korean
>school Apache proxies
>
>The default for junkbuster 2.0-2 is to listen on localhost only,
>so modern installs should be safe.
Thanks for the report. I've updated the CERT/CC Addendum:
<http://www.kb.cert.org/vuls/id/AAMN-58ZS6V>
Regards,
- Art
Art Manion -- CERT Coordination Center
<http://www.cert.org/> <cert (at) cert (dot) org> +1 412-268-7090
E0 1E DF F5 FC 76 00 32 77 8F 25 F7 B0 2E 2C 27
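
An added example, not part of the original messages or of Junkbuster itself: a small audit of a Junkbuster-style config for the three conditions the report names (listener reachable from other hosts, no ACL, no logging). The directive names `listen-address`, `aclfile` and `logfile`, the treatment of a missing `listen-address` as binding all interfaces, and both sample configs are assumptions constructed for illustration.

```python
import ipaddress

# Assumed directive names: listen-address, aclfile, logfile.
# Both sample configs are constructed, not taken from a real host.
EXPOSED = """
blockfile /etc/junkbuster/blocklist
#aclfile /etc/junkbuster/aclfile
#logfile /var/log/junkbuster/logfile
"""
LOCAL_ONLY = """
listen-address localhost:8000
logfile /var/log/junkbuster/logfile
"""

def parse_config(text):
    """Return {directive: value} for the non-comment lines of a config."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            opts[key.lower().replace("_", "-")] = value.strip()
    return opts

def is_loopback(listen):
    """True only if the listen value names a loopback host (IPv4/hostname)."""
    host = listen.rsplit(":", 1)[0] if ":" in listen else listen
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (":8000") or unknown name: treat as exposed

def audit(text):
    """List the open-proxy risk conditions present in a config."""
    opts = parse_config(text)
    findings = []
    listen = opts.get("listen-address")
    # Assumption: with no listen-address the proxy binds every interface.
    if listen is None or not is_loopback(listen):
        findings.append("listener reachable from other hosts")
        if not opts.get("aclfile"):
            findings.append("no ACL restricting clients")
    if not opts.get("logfile"):
        findings.append("no logging")
    return findings
```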