Home page logo

bugtraq logo Bugtraq mailing list archives

Vulnerability in Viralator proxy extension
From: Peter Conrad <conrad () tivano de>
Date: Thu, 1 Nov 2001 09:34:03 +0100


Date: October 2001

Product: Viralator (http://viralator.loddington.com/)

Viralator is a perl-script to be used with the squid proxy, an apache
webserver and some virus scanner software. Its purpose is to allow
scanning of files downloaded through the proxy for viruses.
The product has been listed among the "Top 6 Tools" in SecurityFocus
Newsletters #87 and #98.

Affected versions:

The problem has been found in all versions currently available for
download on the viralator website: 0.7, 0.8 and 0.9pre1


Remote execution of arbitrary code as the user under whose ID the
viralator CGI script is running


The URL of the file being downloaded is passed as a parameter to the 
viralator CGI script. This URL is used in an insecure way to download the
file using the "wget" utility. After that, the filename part of the URL
is used in an insecure way to scan the file for a virus.


An official patch does not exist at the time of writing. It is advisable 
to disable access to the script.


 - on June 12 2001 I mailed the author about the problem. I received
   a (very) prompt reply, stating that he was working on a new version.
 - on October 18 I remembered the case and took a look at the viralator
   website. Neither a fixed version nor a warning about the security
   problem could be found. So I emailed the author again, asking if he
   is still working on the project. I haven't received a reply yet.


The problem was reported independently by Pekka Ahmavuo in the viralator
developers forum on August 10 (available at the viralator website).

Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18
63263 Neu-Isenburg

  By Date           By Thread  

Current thread:
  • Vulnerability in Viralator proxy extension Peter Conrad (Nov 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]