[UNIX] Vulnerability in Viralator Proxy Extension
From: support@securiteam.com  Date: 11/04/01
From: support@securiteam.com To: list@securiteam.com Subject: [UNIX] Vulnerability in Viralator Proxy Extension Message-Id: <20011104070237.A3263138BF@mail.der-keiler.de> Date: Sun, 4 Nov 2001 08:02:37 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Vulnerability in Viralator Proxy Extension
------------------------------------------------------------------------
SUMMARY
<http://viralator.loddington.com/> Viralator is a Perl script that is used together with the Squid proxy, the Apache web server, and virus scanner software. Its purpose is to allow files downloaded through the proxy to be scanned for viruses. A vulnerability in the product allows remote execution of arbitrary code with the privileges that the viralator CGI script runs with.
DETAILS
Affected versions:
The problem has been found in all versions currently available for download on the viralator website: 0.7, 0.8, and 0.9pre1.
The URL of the file being downloaded is passed as a parameter to the viralator CGI script. This URL is handed, without being sanitized, to the "wget" utility to download the file. After that, the filename part of the URL is used, again without being sanitized, to run the virus scan on the downloaded file.
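The defensive side of the pattern the advisory describes (a user-supplied URL handed to wget, then its filename handed to the scanner) is shown below as an added Python sketch; it is not Viralator's own Perl code, and it assumes that the flaw stems from passing those two values through a shell, which the advisory implies but does not spell out. The scanner path and download directory are placeholders.

```python
import re
import subprocess
from urllib.parse import urlsplit, unquote

# Constructed placeholders, not Viralator's real configuration.
SCANNER = ["/usr/local/bin/scan-placeholder", "--"]
DOWNLOAD_DIR = "/var/tmp/viralator-example"

# Allow-list for the on-disk name: no separators, no shell metacharacters,
# no leading dot (rules out "." and ".." and hidden files).
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def safe_filename(url):
    """Derive the scan filename from the URL's last path segment, or refuse."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https", "ftp") or not parts.hostname:
        raise ValueError("unsupported or malformed URL")
    name = unquote(parts.path.rsplit("/", 1)[-1])
    if not SAFE_NAME.match(name):
        raise ValueError("filename not allowed")
    return name


def build_commands(url):
    """Return argv lists for the download and the scan.

    Both commands are built as argument lists, so no shell ever sees the
    URL or the filename; '--' stops wget from reading the URL as an option.
    """
    name = safe_filename(url)
    target = f"{DOWNLOAD_DIR}/{name}"
    fetch = ["wget", "-q", "-O", target, "--", url]
    scan = SCANNER + [target]
    return fetch, scan


def fetch_and_scan(url, run=subprocess.run):
    """Download then scan; returns the scanner's exit status (0 = clean)."""
    fetch, scan = build_commands(url)
    run(fetch, check=True)            # list form: shell=False by default
    return run(scan).returncode
```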
Solution:
An official patch does not exist at the time of writing. It is advisable
to disable access to the script.
ADDITIONAL INFORMATION
The information has been provided by <mailto:conrad@tivano.de> Peter Conrad.