Bugtraq mailing list archives
Using Squid to disable (or exploit) Helix Code's lynx trick
From: Peter W <peterw () USA NET>
Date: Wed, 30 Aug 2000 22:57:40 -0400
At 6:08pm Aug 29, 2000, Helix Code, Inc. wrote:
The go-gnome pre-installer has been updated on the main Helix Code mirror and go-gnome.com. This new version fixes this vulnerability by storing files in /var/cache/helix-install, which is writable only by root.
If your users are behind a Squid proxy, I would suggest the following to protect them from any new problems that might creep up in the script, as well as network errors, DNS hijacking, etc., etc., since Helix Code seems to really like this remarkably dangerous hack. Step 1. Add the following to squid.conf. Be careful with the ACL order! acl gognome dstdomain go-gnome.com acl gognome dstdomain spidermonkey.helixcode.com deny_info ERR_GOGNOME gognome http_access deny gognome Step 2. Create a file ERR_GOGNOME in Squid's errors directory (An example is attached.) Step 3. Use something like `squid -k reconfigure` to activate the changes. Naturally, an attacker could use similar techniques to subvert those behind the Squid proxy. And transparent redirects could be used to subvert those behind a NAT / IP Masq / Internet Connection Sharing setup.[0] -Peter [0] http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
Attachment:
ERR_GOGNOME
Description: ERR_GOGNOME
Current thread:
- Helix Code Security Advisory - go-gnome pre-installer Helix Code, Inc. (Aug 30)
- Re: Helix Code Security Advisory - go-gnome pre-installer Peter W (Aug 31)
- Using Squid to disable (or exploit) Helix Code's lynx trick Peter W (Aug 31)