[24397] in bugtraq
RE: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint fire
daemon@ATHENA.MIT.EDU (Corey J. Steele)
Sat Feb 23 11:04:36 2002
From: "Corey J. Steele" <csteele@good-sam.com>
To: "Proescholdt timo" <Timo.Proescholdt@brk-muenchen.de>
Cc: bugtraq@securityfocus.com,
"'Steve VanDevender'" <stevev@hexadecimal.uoregon.edu>
In-Reply-To: <410B51F29EA8D3118EE400508B44AE2B3C6FCD@rz-nt-mail.brk-muenchen.de>
Date: 22 Feb 2002 07:57:33 -0600
Message-Id: <1014386253.12936.4.camel@ws47619>
Mime-Version: 1.0
Content-type: multipart/mixed; boundary="=_IS_MIME_Boundary"
--=_IS_MIME_Boundary
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
FYI,
Trend's Interscan 3.6 running on Linux is not vulnerable to this (we are
using Interscan in conjunction with squid.)
-C
On Wed, 2002-02-20 at 17:55, Proescholdt, timo wrote:
>
> > It's not just Checkpoint Firewall that has a problem with HTTP
> CONNECT.>
> > From what I can tell default installations of the CacheFlow web proxy
> > software, some Squid installations, some Apache installations with
> > proxying enabled, and some other web proxy installations I haven't
> > identified allow anyone to use the HTTP CONNECT method. This is being
>
> Finjan-SurfinGate/4.0 ( NT ) is "vulnerable" , Trend Micro Interscan
> Viruswall ( 3.51 ) ( NT ) as well. Both do not seem to have a
> configuration
> switch to change this behaviour.
> Squid 2.3 STABLE 1 seems not to be affected by this issue, as there is
> no
> CONNECT Method allowed in default configuration.
>
> greetings
> timo
--
Information Security Analyst
Good Samaritan Society
e-mail: csteele@good-sam.com
voice: (605) 362-3899
--=_IS_MIME_Boundary--
