Users login

Create an account »


Users login

Home » Hacking News » Astaro Security Linux Firewall - HTTP Proxy vulnerability

Astaro Security Linux Firewall - HTTP Proxy vulnerability

by Nikola Strahija on January 23rd, 2003 A quite well known (i.e. ancient) type of proxy vulnerability was found in the https proxy of Astaro Security Linux firewall (which is a chrooted yet plain squid btw.)

This general problem has been known
to be an issue with nearly all HTTP proxies for ages (e.g.

The vulnerability can be exploited using the CONNECT method to
connect to a different server, e.g. an internal mailserver as port
usage is completely unrestricted by the Astaro proxy.

you =
Astaro = (http proxy at port 8080)
Internal Mailserver =

connect with "telnet 8080" to Astaro proxy and enter

response: mail server banner - and running SMTP session e.g.
to send SPAM from.

You can connect to any TCP port on any machine the proxy can connect
to. Telnet, SMTP, POP, etc.


Install patch 3.215 - there you can restrict the ports you allow
access to. I'd suggest ports 21 70 80 443 563 210 1025-65535 which
stand for FTP, Gopher, HTTP, HTTPS, HTTPS(seldom), WAIS and
nonprivileged services (e.g. passive FTP)

Volker Tanger
IT-Security Consulting

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »