junkbuster 2.0-1 proxy relaying spam
From: Andrew Daviel (andrew@andrew.triumf.ca)
Date: 12/23/02
- Previous message: Daniel Ahlberg: "GLSA: kde-3.0.x"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Dec 2002 02:11:41 -0800 (PST) From: Andrew Daviel <andrew@andrew.triumf.ca> To: BUGTRAQ@SECURITYFOCUS.COM
I just found a "junkbuster" proxy on a RedHat 6.2 machine
being used to relay spam - a bit ironic, considering the
intention of the program.
This is junkbuster-2.0-1 installed as part of a
"complete install" on RedHat 6.2.
It seems that the default install sets no ACL, no logging,
and starts the program on boot.
This is not the buffer overflow reported in 1998. It is
a simple use of the HTTP CONNECT method similar to the Korean
school Apache proxies
The default for junkbuster 2.0-2 is to listen on localhost only,
so modern installs should be safe.
-- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 security@triumf.ca
- Next message: Marc Slemko: "Re: 'printenv' XSS vulnerability"
- Previous message: Daniel Ahlberg: "GLSA: kde-3.0.x"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
