Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Astaro Security Linux Firewall - HTTP Proxy vulnerability

Astaro Security Linux Firewall - HTTP Proxy vulnerability

by Nikola Strahija on January 23rd, 2003 A quite well known (i.e. ancient) type of proxy vulnerability was found in the https proxy of Astaro Security Linux firewall (which is a chrooted yet plain squid btw.)


This general problem has been known
to be an issue with nearly all HTTP proxies for ages (e.g.
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.14).

The vulnerability can be exploited using the CONNECT method to
connect to a different server, e.g. an internal mailserver as port
usage is completely unrestricted by the Astaro proxy.

Example:
you = 6.6.6.666
Astaro = 1.1.1.1 (http proxy at port 8080)
Internal Mailserver = 2.2.2.2

connect with "telnet 1.1.1.1 8080" to Astaro proxy and enter
CONNECT 2.2.2.2:25 / HTTP/1.0

response: mail server banner - and running SMTP session e.g.
to send SPAM from.

You can connect to any TCP port on any machine the proxy can connect
to. Telnet, SMTP, POP, etc.


Solution:

Install patch 3.215 - there you can restrict the ports you allow
access to. I'd suggest ports 21 70 80 443 563 210 1025-65535 which
stand for FTP, Gopher, HTTP, HTTPS, HTTPS(seldom), WAIS and
nonprivileged services (e.g. passive FTP)


Volker Tanger
IT-Security Consulting


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »