From: CERT(R) Coordination Center (cert_at_cert.org)
Date: Tue Feb 11 2003 - 10:50:23 CST


    -----BEGIN PGP SIGNED MESSAGE-----

    Hello Andrew,

    Andrew Daviel <andrewandrew.triumf.ca> writes:
    >I just found a "junkbuster" proxy on a RedHat 6.2 machine
    >being used to relay spam - a bit ironic, considering the
    >intention of the program.
    >
    >This is junkbuster-2.0-1 installed as part of a
    >"complete install" on RedHat 6.2.
    >It seems that the default install sets no ACL, no logging,
    >and starts the program on boot.
    >
    >This is not the buffer overflow reported in 1998. It is
    >a simple use of the HTTP CONNECT method similar to the Korean
    >school Apache proxies.
    >
    >The default for junkbuster 2.0-2 is to listen on localhost only,
    >so modern installs should be safe.

    Thanks for the report. I've updated the CERT/CC Addendum:

    <http://www.kb.cert.org/vuls/id/AAMN-58ZS6V>

    Regards,

      - Art

                 Art Manion -- CERT Coordination Center
        <http://www.cert.org/> <certcert.org> +1 412-268-7090
             E0 1E DF F5 FC 76 00 32 77 8F 25 F7 B0 2E 2C 27

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 5.0i for non-commercial use
    Charset: noconv

    iQCVAwUBPkhCPGjtSoHZUTs5AQGn7QQAuwcen4p+PwWkn65VcozqmCRV8P51CmhO
    sClOqJwtwt+U2G4dqDMuMgY+ZkEKUkauUe10rMMDtE5ybx8OyoXb6DN79+JYq0jF
    3qDErfGuqNJvgavBQBNrRHrpQHBYrHOxzOP5BjULOfiDYe8bhfrOBldjcJMEe63y
    KqKfYYGePWY=
    =YBoI
    -----END PGP SIGNATURE-----
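
The relay described in the quoted report is possible when a proxy honours the HTTP CONNECT method for any client and any destination port. As an added example (not part of the original thread and not junkbuster's own code), the following Python sketch shows the two checks a proxy can make before opening a tunnel: a client ACL and a destination-port allowlist. The ACL networks, the allowed port set and the sample requests in the comments are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy (constructed for this example, not from the thread):
# only loopback clients may use the proxy, and CONNECT may only reach 443.
ALLOWED_CLIENTS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
]
ALLOWED_CONNECT_PORTS = {443}


def parse_connect_target(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    if not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return None
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]  # bracketed IPv6 literal
    port = int(port)
    if not 0 < port < 65536:
        return None
    return host, port


def connect_decision(client_ip, request_line):
    """Decide whether a CONNECT request may be tunnelled."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "deny: invalid client address"
    # Check 1: client ACL. With no ACL, any remote host can use the proxy.
    if not any(addr in net for net in ALLOWED_CLIENTS):
        return "deny: client not in ACL"
    target = parse_connect_target(request_line)
    if target is None:
        return "deny: malformed CONNECT request"
    # Check 2: port allowlist. Stops tunnels to SMTP (25) and similar.
    _, port = target
    if port not in ALLOWED_CONNECT_PORTS:
        return "deny: port %d not allowed for CONNECT" % port
    return "allow"


if __name__ == "__main__":
    # Constructed sample: remote client asking for a tunnel to an SMTP port.
    print(connect_decision("203.0.113.7", "CONNECT mail.example.net:25 HTTP/1.0"))
```
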