A quite well known (i.e. ancient) type of proxy vulnerability was found in the https proxy of Astaro Security Linux firewall (which is a chrooted yet plain squid btw.)

This general problem has been known to be an issue with nearly all HTTP proxies for ages (e.g. http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.14).

The vulnerability can be exploited using the CONNECT method to connect to a different server, e.g. an internal mailserver as port usage is completely unrestricted by the Astaro proxy.

Example:
you = 6.6.6.666
Astaro = 1.1.1.1 (http proxy at port 8080)
Internal Mailserver = 2.2.2.2

connect with "telnet 1.1.1.1 8080" to Astaro proxy and enter CONNECT 2.2.2.2:25 / HTTP/1.0

response: mail server banner - and running SMTP session e.g. to send SPAM from.

You can connect to any TCP port on any machine the proxy can connect to. Telnet, SMTP, POP, etc.


Solution:

Install patch 3.215 - there you can restrict the ports you allow access to. I'd suggest ports 21 70 80 443 563 210 1025-65535 which stand for FTP, Gopher, HTTP, HTTPS, HTTPS(seldom), WAIS and nonprivileged services (e.g. passive FTP)


Volker Tanger
IT-Security Consulting

Source: http://www.xatrix.org/article2580.html