Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18
- From: "Kyle Williams" <kyle.kwilliams@xxxxxxxxx>
- Date: Wed, 31 Oct 2007 09:11:55 -0700
- Delivery-date: Wed, 31 Oct 2007 12:12:04 -0400
- In-reply-to: <67C531E4-2538-4403-BC4E-0A975ED80CFB@xxxxxxxxx>
- References: <67C531E4-2538-4403-BC4E-0A975ED80CFB@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On 10/31/07, Gregory Fleischer (Lists) <gfleischer.lists@xxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Versions of the Vidalia bundle prior to 0.1.2.18 install Privoxy with
an insecure configuration file. Both Windows and Mac OS X versions
are affected. The installed 'config.txt' file ('config' on Mac OS X)
had the following option values set to 1:
Additionally, on Windows the following option was set to 1:
Malicious sites (or malicious exit nodes) could include active content
- make requests through the proxy that causes Privoxy filtering to
be bypassed or completely disabled
- establish a direct connection from the web browser to the local
proxy and modify the user defined configuration values
The Privoxy documentation recommends against enabling these options in
multi-user environments or when dealing with untrustworthy clients.
However, the documentation does not mention that client-side
web browser scripts or vulnerabilities could be exploited as well.
It should be noted that using Tor is not a prerequisite for some of
these attacks to be successful. Users of Tor may be at greater risk,
because malicious exit nodes can inject content into otherwise trusted
In order to allow time for people to upgrade, additional attack
details and sample code will be withheld for a couple of days.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
-----END PGP SIGNATURE-----
We noted this a while back with JanusVM, but I don't think we documented the reasoning behind it.
(Cue Roger giving a friendly reminder to get more documentation and source code produced ;-)
First we disabled those options for obvious reasons.
Then we enabled them because a couple of users wanted more control.
Then we disabled them again because that level of control can be accessed from the console if they really want it.