[16460] in bugtraq
Using Squid to disable (or exploit) Helix Code's lynx trick
daemon@ATHENA.MIT.EDU (Peter W)
Thu Aug 31 05:16:03 2000
Message-Id: <Pine.LNX.4.21.0008302245390.3042-200000@localhost>
Date: Wed, 30 Aug 2000 22:57:40 -0400
Reply-To: Peter W <peterw@USA.NET>
From: Peter W <peterw@USA.NET>
X-To: "Helix Code, Inc." <security@helixcode.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200008292208.SAA20939@trna.helixcode.com>
At 6:08pm Aug 29, 2000, Helix Code, Inc. wrote:
> The go-gnome pre-installer has been updated on the main Helix Code mirror and
> go-gnome.com. This new version fixes this vulnerability by storing files in
> /var/cache/helix-install, which is writable only by root.
If your users are behind a Squid proxy, I would suggest the following to
protect them from any new problems that might creep up in the script, as
well as network errors, DNS hijacking, etc., etc., since Helix Code seems
to really like this remarkably dangerous hack.
Step 1. Add the following to squid.conf. Be careful with the ACL order!
    acl gognome dstdomain go-gnome.com
    acl gognome dstdomain spidermonkey.helixcode.com
    deny_info ERR_GOGNOME gognome
    http_access deny gognome
Step 2. Create a file ERR_GOGNOME in Squid's errors directory. (An example is attached.)
Step 3. Use something like `squid -k reconfigure` to activate the changes.
Naturally, an attacker could use similar techniques to subvert those
behind the Squid proxy. And transparent redirects could be used to subvert
those behind a NAT / IP Masq / Internet Connection Sharing setup.[0]
-Peter
[0] http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
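Added example (not part of Peter W's message): a toy Python model of Squid's ordered, first-match `http_access` evaluation, showing why the ACL-order warning in Step 1 matters. The `acl all` and `http_access allow all` lines are constructed context, and `src` ACLs are simplified to match any client.

```python
# Added example: toy model of Squid's ordered, first-match http_access check.
# The "acl all" / "http_access allow all" lines are constructed context.
ACLS = """\
acl all src 0.0.0.0/0.0.0.0
acl gognome dstdomain go-gnome.com
acl gognome dstdomain spidermonkey.helixcode.com
deny_info ERR_GOGNOME gognome
"""
GOOD = ACLS + "http_access deny gognome\nhttp_access allow all\n"
BAD = ACLS + "http_access allow all\nhttp_access deny gognome\n"

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, host):
    """True if any definition of the named ACL matches the request host."""
    for acl_type, values in acls.get(name, []):
        if acl_type == "src":        # simplification: any client address matches
            return True
        if acl_type == "dstdomain":
            for v in (v.lower() for v in values):
                # ".example.com" covers subdomains; "example.com" is exact only
                if host == v.lstrip(".") or (v.startswith(".") and host.endswith(v)):
                    return True
    return False

def decide(conf, host):
    """Return the action of the first rule whose ACLs all match, else None."""
    acls, rules = parse(conf)
    host = host.lower().rstrip(".")
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), host) != n.startswith("!") for n in names):
            return action
    return None

if __name__ == "__main__":
    for label, conf in (("deny first", GOOD), ("allow first", BAD)):
        for h in ("go-gnome.com", "spidermonkey.helixcode.com", "www.go-gnome.com"):
            print(f"{label:11} {h:28} -> {decide(conf, h)}")
```

In Squid's `dstdomain` syntax a leading dot (`.go-gnome.com`) also covers subdomains, which is why `www.go-gnome.com` falls through to the allow rule in this model.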