{"id": "SECURITYVULNS:DOC:8335", "bulletinFamily": "software", "title": "[ GLSA 200504-11 ] JunkBuster: Multiple vulnerabilities", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200504-11\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: High\r\n Title: JunkBuster: Multiple vulnerabilities\r\n Date: April 13, 2005\r\n Bugs: #88537\r\n ID: 200504-11\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nJunkBuster is vulnerable to a heap corruption vulnerability, and under\r\ncertain configurations may allow an attacker to modify settings.\r\n\r\nBackground\r\n==========\r\n\r\nJunkBuster is a filtering HTTP proxy, designed to enhance privacy and\r\nremove unwanted content.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 www-proxy/junkbuster < 2.0.2-r3 >= 2.0.2-r3\r\n\r\nDescription\r\n===========\r\n\r\nJames Ranson reported a vulnerability when JunkBuster is configured to\r\nrun in single-threaded mode, an attacker can modify the referrer\r\nsetting by getting a victim to request a specially crafted URL. Tavis\r\nOrmandy of the Gentoo Linux Security Audit Team identified a heap\r\ncorruption issue in the filtering of URLs.\r\n\r\nImpact\r\n======\r\n\r\nIf JunkBuster has been configured to run in single-threaded mode, an\r\nattacker can disable or modify the filtering of Referrer: HTTP headers,\r\npotentially compromising the privacy of users. The heap corruption\r\nvulnerability could crash or disrupt the operation of the proxy,\r\npotentially executing arbitrary code.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll JunkBuster users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=www-proxy/junkbuster-2.0.2-r3"\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200504-11.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2005 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.0", "published": "2005-04-14T00:00:00", "modified": "2005-04-14T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8335", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:12", "edition": 1, "viewCount": 7, "enchantments": {"score": {"value": 2.7, "vector": "NONE", "modified": "2018-08-31T11:10:12", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1498.NASL", "EULEROS_SA-2020-1457.NASL", "EULEROS_SA-2020-1496.NASL", "EULEROS_SA-2020-1477.NASL", "EULEROS_SA-2020-1491.NASL", "EULEROS_SA-2020-1494.NASL", "EULEROS_SA-2020-1483.NASL", "EULEROS_SA-2020-1489.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201494", "OPENVAS:1361412562311220201431", "OPENVAS:1361412562311220201489", "OPENVAS:1361412562311220201457", "OPENVAS:1361412562311220201477", "OPENVAS:1361412562311220201400", "OPENVAS:1361412562311220201491", "OPENVAS:1361412562311220201476", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201473"]}], "modified": "2018-08-31T11:10:12", "rev": 2}, "vulnersScore": 2.7}, "affectedSoftware": []}

{"rst": [{"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **201[.]151.6.30** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **24**.\n First seen: 2020-12-29T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **shellprobe, generic**.\nASN 11172: (First IP 201.151.0.0, Last IP 201.151.25.255).\nASN Name \"\" and Organisation \"Alestra S de RL de CV\".\nASN hosts 5311 domains.\nGEO IP information: City \"Pachuca\", Country \"Mexico\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-29T00:00:00", "id": "RST:EFAFA647-0686-3221-8335-491624290AB5", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: 201.151.6.30", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **plategakufar[.]xyz** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-10-19T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **phishing**. and CNAME records: sinkhole.paloaltonetworks.com.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-10-19T00:00:00", "id": "RST:D6C2A638-3403-307E-8335-2B623F35F582", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: plategakufar.xyz", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **motomaargentina[.]com.ar** in [RST Threat Feed](https://rstcloud.net/profeed) with score **2**.\n First seen: 2019-12-15T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 181[.]88.192.150\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:173CDA05-3BEA-350B-8335-EC48F75C494D", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: motomaargentina.com.ar", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **193[.]142.59.215** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **37**.\n First seen: 2021-02-17T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **generic**.\nASN 208046: (First IP 193.142.59.0, Last IP 193.142.59.255).\nASN Name \"HOSTSLICKGERMANY\" and Organisation \"Dedicated Server Provider\".\nASN hosts 1566 domains.\nGEO IP information: City \"\", Country \"Germany\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-17T00:00:00", "id": "RST:13E1B8F6-D751-3CA8-8335-7EFD02275969", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: 193.142.59.215", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **esunahuvopy[.]tk** in [RST Threat Feed](https://rstcloud.net/profeed) with score **2**.\n First seen: 2019-12-15T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 195[.]20.43.171\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:5ECB71BD-01B5-31EF-8335-7223B2D11B47", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: esunahuvopy.tk", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **acconnerns[.]top** in [RST Threat Feed](https://rstcloud.net/profeed) with score **9**.\n First seen: 2020-10-10T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 23[.]228.100.131\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-10-10T00:00:00", "id": "RST:F7D7A63F-1A1B-3C21-8335-ED86D045D7E1", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: acconnerns.top", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **217[.]103.144.253** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **13**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **generic**.\nASN 33915: (First IP 217.103.0.0, Last IP 217.105.255.255).\nASN Name \"TNFAS\" and Organisation \"\".\nASN hosts 28723 domains.\nGEO IP information: City \"Tiel\", Country \"Netherlands\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:F8AAEF0B-D6C1-31E7-8335-0E5316C9DFA6", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: 217.103.144.253", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **southairlines[.]co.cc** in [RST Threat Feed](https://rstcloud.net/profeed) with score **2**.\n First seen: 2019-12-15T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 52[.]15.96.207\nWhois:\n Created: 1997-10-12 23:00:00, \n Registrar: GoDaddycom LLC, \n Registrant: Not Available From Registry.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:48FC8ED9-16F5-3D51-8335-BABF99638A0F", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: southairlines.co.cc", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **49[.]115.203.30** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **generic**.\nASN 4134: (First IP 49.114.200.0, Last IP 49.115.231.255).\nASN Name \"CHINANETBACKBONE\" and Organisation \"No31Jinrong Street\".\nASN hosts 1235891 domains.\nGEO IP information: City \"\", Country \"China\".\nIOC could be a **False Positive** (Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:76BB7238-8335-3C2A-B0CF-CC9725F7C7B6", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: 49.115.203.30", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **50[.]83.33.7** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **7**.\n First seen: 2020-08-23T03:00:00, Last seen: 2021-02-27T03:00:00.\n IOC tags: **tor_node**.\nASN 30036: (First IP 50.80.0.0, Last IP 50.83.255.255).\nASN Name \"MEDIACOMENTERPRISEBUSINESS\" and Organisation \"Mediacom Communications Corp\".\nASN hosts 3241 domains.\nGEO IP information: City \"Cedar Rapids\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-08-23T00:00:00", "id": "RST:8649A82A-3EC2-35D2-8335-F1CCD79EE076", "href": "", "published": "2021-02-28T00:00:00", "title": "RST Threat feed. IOC: 50.83.33.7", "type": "rst", "cvss": {}}]}