Hello Andrew,

Andrew Daviel <andrew@andrew.triumf.ca> writes:

>I just found a "junkbuster" proxy on a RedHat 6.2 machine
>being used to relay spam - a bit ironic, considering the
>intention of the program.
>
>This is junkbuster-2.0-1 installed as part of a
>"complete install" on RedHat 6.2.
>It seems that the default install sets no ACL, no logging,
>and starts the program on boot.
>
>This is not the buffer overflow reported in 1998. It is
>a simple use of the HTTP CONNECT method similar to the Korean
>school Apache proxies
>
>The default for junkbuster 2.0-2 is to listen on localhost only,
>so modern installs should be safe.

Thanks for the report. I've updated the CERT/CC Addendum:

  <http://www.kb.cert.org/vuls/id/AAMN-58ZS6V>

Regards,

 - Art

Art Manion -- CERT Coordination Center
<http://www.cert.org/>
<cert@cert.org> +1 412-268-7090
E0 1E DF F5 FC 76 00 32 77 8F 25 F7 B0 2E 2C 27
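
An added example, not part of the original message and not junkbuster code: a minimal policy check a proxy can apply to CONNECT requests, showing that the no-ACL case described in the quoted report tunnels a request to port 25 for any client, while a local-only client list and a port allowlist refuse it. The policy values, function names and sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy for illustration; these are not junkbuster settings.
LOCAL_ONLY = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
TLS_ONLY = {443}

def parse_connect(request_line):
    """Return (host, port) for a CONNECT line, None for any other method.

    Raises ValueError when the method is CONNECT but the target is malformed.
    """
    parts = request_line.split()
    if not parts or parts[0].upper() != "CONNECT":
        return None
    if len(parts) != 3:
        raise ValueError("malformed CONNECT request line")
    host, sep, port = parts[1].rpartition(":")
    if not (sep and host and port.isascii() and port.isdigit()):
        raise ValueError("CONNECT target must be host:port")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    return host, int(port)

def decide(client_ip, request_line, clients=LOCAL_ONLY, ports=TLS_ONLY):
    """Classify a request; clients=None / ports=None means no restriction."""
    try:
        target = parse_connect(request_line)
    except ValueError:
        return "deny-malformed"
    if target is None:
        return "not-connect"
    addr = ipaddress.ip_address(client_ip)
    if clients is not None and not any(addr in net for net in clients):
        return "deny-client"
    if ports is not None and target[1] not in ports:
        return "deny-port"
    return "allow"

if __name__ == "__main__":
    # Constructed sample: a remote client asking for a tunnel to an SMTP port.
    spam = ("203.0.113.7", "CONNECT mail.example.net:25 HTTP/1.0")
    print(decide(*spam, clients=None, ports=None))  # no ACL at all
    print(decide(*spam))                            # local clients only
    print(decide("127.0.0.1", spam[1]))             # local client, port 25
```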