JunkBuster Configuration Modification Vulnerability

Bugtraq ID:	13147
Class:	Input Validation Error
CVE:	CVE-2005-1108
Remote:	Yes
Local:	No
Published:	Apr 13 2005 12:00AM
Updated:	Jul 12 2009 12:56PM
Credit:	Discovery is credited to James Ranson.
Vulnerable:	Junkbuster Internet Junkbuster 2.0.2 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux + Redhat Linux 7.2 + Redhat Linux 7.1 + Redhat Linux 7.0 Junkbuster Internet Junkbuster 2.0.1 + Redhat Linux 6.2
Not Vulnerable:

JunkBuster Configuration Modification Vulnerability

JunkBuster is prone to an issue that could allow a remote attacker to modify configuration settings. This could potentially compromise the privacy of the user of the affected application.

JunkBuster Configuration Modification Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

JunkBuster Configuration Modification Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Gentoo has released advisory GLSA 200504-11 and fixes for this issue. To obtain fixes, users should execute the following commands:

emerge --sync
emerge --ask --oneshot --verbose ">=www-proxy/junkbuster-2.0.2-r3"

Debian has released advisory DSA 713-1 and fixes to address this issue. Please see the referenced advisory for links to fixed packages.


Junkbuster Internet Junkbuster 2.0.2

• Debian junkbuster_2.0.2-0.2woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_alpha.deb


• Debian junkbuster_2.0.2-0.2woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_arm.deb


• Debian junkbuster_2.0.2-0.2woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_hppa.deb


• Debian junkbuster_2.0.2-0.2woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_i386.deb


• Debian junkbuster_2.0.2-0.2woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_ia64.deb


• Debian junkbuster_2.0.2-0.2woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_m68k.deb


• Debian junkbuster_2.0.2-0.2woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_mips.deb


• Debian junkbuster_2.0.2-0.2woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_mipsel.deb


• Debian junkbuster_2.0.2-0.2woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_powerpc.deb


• Debian junkbuster_2.0.2-0.2woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_s390.deb


• Debian junkbuster_2.0.2-0.2woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2 .0.2-0.2woody1_sparc.deb

JunkBuster Configuration Modification Vulnerability

References:

• Internet Junkbuster Proxy (Junkbuster)