peter_lavelle
07-16-2002, 03:24 AM
When I was running a routine security scan on my firewall box after installing and configuring squid, nessus (the scanning tool I used) gave me the following security warning:
Warning found on port unknown (8080/tcp)
The Sambar webserver is running. It provides a webinterface for sending emails.
You may simply pass a POST request to /session/sendmail and by this send mails to anyone you want.
Due to the fact that Sambar does not check HTTP referers you do not need direct access to the server!
See http://www.toppoint.de/~hscholz/sambar for more information.
Solution : Try to disable this module. There might be a patch in the future.
Risk factor : High
My squid proxy server runs on this port (8080) but I can find no mention of a sambar webserver configuration in squid.conf or in the documentation on the squid-cache website.
My initial thoughts about this were that it could be some sort of trojan or part of the SNMP server that squid runs to allow easy configuration, but portscanning my firewall box using nmap (as root with full options enabled) revealed no snmp servers running on my firewall box.
I may just be jumping to some rather stupid conclusions here, but this thing's really got me feeling paranoid.
Any advice/info appreciated.
Thanx in advance,
pete