Re: junkbuster 2.0-1 proxy relaying spam VU#150227

["CERT(R) Coordination Center" <cert () cert org>]

-----BEGIN PGP SIGNED MESSAGE-----

Hello Andrew,

Andrew Daviel <andrew () andrew triumf ca> writes:
> I just found a "junkbuster" proxy on a RedHat 6.2 machine
> being used to relay spam - a bit ironic, considering the
> intention of the program.
>
> This is junkbuster-2.0-1 installed as part of a 
> "complete install" on RedHat 6.2.
> It seems that the default install sets no ACL, no logging,
> and starts the program on boot.
>
> This is not the buffer overflow reported in 1998. It is
> a simple use of the HTTP CONNECT method similar to the Korean
> school Apache proxies 
>
> The default for junkbuster 2.0-2 is to listen on localhost only,
> so modern installs should be safe.

Thanks for the report.  I've updated the CERT/CC Addendum:

<http://www.kb.cert.org/vuls/id/AAMN-58ZS6V>


Regards,

  - Art


             Art Manion  --  CERT Coordination Center
    <http://www.cert.org/>   <cert () cert org>   +1 412-268-7090
         E0 1E DF F5 FC 76 00 32  77 8F 25 F7 B0 2E 2C 27


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBPkhCPGjtSoHZUTs5AQGn7QQAuwcen4p+PwWkn65VcozqmCRV8P51CmhO
sClOqJwtwt+U2G4dqDMuMgY+ZkEKUkauUe10rMMDtE5ybx8OyoXb6DN79+JYq0jF
3qDErfGuqNJvgavBQBNrRHrpQHBYrHOxzOP5BjULOfiDYe8bhfrOBldjcJMEe63y
KqKfYYGePWY=
=YBoI
-----END PGP SIGNATURE-----