Thread: Vulnerability: Astaro Security Linux Firewall - HTTP Proxy vulnerability

  1. #1
    s0nIc (Fastest Thing Alive)
    Join Date: Sep 2001 | Location: Sydney | Posts: 1,584

    Vulnerability: Astaro Security Linux Firewall - HTTP Proxy vulnerability

    A quite well-known (i.e. ancient) type of proxy vulnerability was found in the https proxy of the Astaro Security Linux firewall (which is a chrooted yet plain squid, btw).

    This general problem has been known to be an issue with nearly all HTTP proxies for ages (e.g. http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.14).

    The vulnerability can be exploited using the CONNECT method to connect to a different server, e.g. an internal mailserver, as port usage is completely unrestricted by the Astaro proxy.

    Example:
    you = 6.6.6.666
    Astaro = 1.1.1.1 (http proxy at port 8080)
    Internal Mailserver = 2.2.2.2

    Connect with "telnet 1.1.1.1 8080" to the Astaro proxy and enter: CONNECT 2.2.2.2:25 / HTTP/1.0

    Response: mail server banner - and a running SMTP session, e.g. to send SPAM from.

    You can connect to any TCP port on any machine the proxy can connect to. Telnet, SMTP, POP, etc.


    Solution:

    Install patch 3.215 - there you can restrict the ports you allow access to. I'd suggest ports 21 70 80 443 563 210 1025-65535 which stand for FTP, Gopher, HTTP, HTTPS, HTTPS(seldom), WAIS and nonprivileged services (e.g. passive FTP)


    Volker Tanger
    IT-Security Consulting

    Source: http://www.xatrix.org/article2580.html
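
For the defensive side of the advisory above, an added example (not part of the original post, and not Astaro's or Squid's own code): a Python check that scans Squid native-format access.log lines for CONNECT requests to ports outside the advisory's suggested list. The log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Port policy suggested in the advisory: 21 70 80 443 563 210 1025-65535
ADVISORY_PORTS = [(21, 21), (70, 70), (80, 80), (210, 210),
                  (443, 443), (563, 563), (1025, 65535)]

# Squid native access.log: time elapsed client code/status bytes method URL ...
LOG_RE = re.compile(
    r"^\s*\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+[A-Z_]+/(?P<status>\d{3})"
    r"\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def port_allowed(port, ranges=ADVISORY_PORTS):
    return any(lo <= port <= hi for lo, hi in ranges)

def connect_target(url):
    """Split a CONNECT authority 'host:port' ('[addr]:port' for IPv6); None if malformed."""
    host, sep, port = url.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) <= 65535:
        return None
    return host.strip("[]"), int(port)

def find_tunnel_abuse(lines, ranges=ADVISORY_PORTS):
    """Return {client: [(host, port, http_status), ...]} for CONNECTs outside the policy."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        target = connect_target(m["url"])
        if target is None:  # malformed authority is worth a look as well
            hits[m["client"]].append((m["url"], None, int(m["status"])))
        elif not port_allowed(target[1], ranges):
            hits[m["client"]].append((*target, int(m["status"])))
    return dict(hits)

# Constructed sample log lines; all addresses are documentation ranges.
SAMPLE_LOG = """\
1020000001.101    310 192.0.2.10 TCP_MISS/200 4312 CONNECT shop.example.com:443 - DIRECT/198.51.100.7 -
1020000002.202   9120 192.0.2.66 TCP_MISS/200 1893 CONNECT 198.51.100.25:25 - DIRECT/198.51.100.25 -
1020000003.303     12 192.0.2.66 TCP_DENIED/403 1047 CONNECT 198.51.100.25:110 - NONE/- -
1020000004.404    150 192.0.2.10 TCP_MISS/200 2210 GET http://www.example.com/ - DIRECT/198.51.100.8 text/html
""".splitlines()

if __name__ == "__main__":
    for client, events in find_tunnel_abuse(SAMPLE_LOG).items():
        for host, port, status in events:
            print(f"{client} CONNECT {host}:{port} status={status}")
```

A 200 status on a flagged line means the proxy established the tunnel; a 403 means the port restriction is already being enforced and the client is still probing.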

  2. #2
    Nice info and very good link.
    This site has some useful stuff.
    Thanks.
    Keep up the good posts.

  3. #3
    How is it that such well known security holes continue to exist? I understand that it is easy for a program to miss such a thing with so many problems to take care of, but with the widespread use of tiger teams and new ways of testing such software, an automated complete tester even, one would think that such problems would be rooted out before a product is released.

    Does anyone know -why- this tendency exists? If we can figure that out, perhaps we can help stop this trend, or catch such problems sooner.
