A well-known type of proxy vulnerability was found in TrendMicro's InterScan VirusWall. The same general problem is known to affect plain HTTP proxies such as Squid.
Credit:
The information has been provided by Volker Tanger.
Vulnerable systems:
* TrendMicro's InterScan VirusWall version 3.6
Immune systems:
* TrendMicro's InterScan VirusWall version 3.7 Build 1190 or newer
The vulnerability can be exploited using the CONNECT method to connect to a different server, e.g. an internal mailserver.
Example:
You = 6.6.6.666
Trendmicro ISVW = 1.1.1.1 (HTTP proxy at port 80)
Internal Mailserver = 2.2.2.2
Connect to the ISVW proxy with "telnet 1.1.1.1 80" and enter: CONNECT 2.2.2.2:25 / HTTP/1.0
The response should be the mail server banner.
You can connect to any TCP port on any machine the proxy can connect to. Telnet, SMTP, POP, etc.
Solution:
Update to ISVW 3.7 Build 1190 or newer (available for some weeks now).
Workarounds:
- Disable the HTTP proxy.
- Use a firewall that prevents unauthorized access to the Trend ISVW proxy.
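
The CONNECT target check whose absence the advisory describes, as an added Python example (not TrendMicro's fix and not code from the advisory). The port allowlist and the private-address rule are assumed policy, and the function names are hypothetical.

```python
import ipaddress

# Assumed policy (not from the advisory): tunnel only to TLS ports, and never
# to private, loopback or link-local addresses behind the proxy.
ALLOWED_PORTS = {443}


def parse_connect(request_line):
    """Return (host, port) for a CONNECT request line, else None."""
    # Extra tokens after the target are tolerated ('CONNECT 2.2.2.2:25 / HTTP/1.0').
    parts = request_line.split()
    if len(parts) < 3 or parts[0].upper() != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not (sep and host and port.isascii() and port.isdigit()):
        return None
    return (host.strip("[]"), int(port)) if 0 < int(port) < 65536 else None


def check_connect(request_line):
    """Return (allowed, reason) for one CONNECT request under the policy."""
    target = parse_connect(request_line)
    if target is None:
        return False, "not a well-formed CONNECT request"
    host, port = target
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed for tunnelling"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: a real proxy must repeat the address check after resolving.
        return True, "hostname target, port allowed"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return False, f"{addr} is an internal address"
    return True, "allowed"


# Constructed request lines; the first is the one shown in the advisory.
SAMPLES = [
    "CONNECT 2.2.2.2:25 / HTTP/1.0",
    "CONNECT 10.0.0.5:443 HTTP/1.0",
    "CONNECT www.example.com:443 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_connect(line))
```

The same function can be run over CONNECT lines pulled from proxy access logs to flag tunnel attempts to mail, telnet or other non-TLS ports.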