« C0mrade's Suicide Linked to TJX Probe | Main | Antisec hackers replace all imageshack images! »

Months later, more products identified using exploitable transparent proxy architecture

It's been more than 3 months since I published my paper on abusing transparent proxies with flash, and 4 months since CERT's Advisory (VU#435052). Since that time additional products have been identified as being exploitable.

Still Vulnerable

Products with fixes or workarounds

Note: I have not verified the claimed fixes for the products above and have no plans to.

As you can see a number of security web filtering products are open to abuse. Some vendors provide a workaround involving 'filtering off IP' to sensitive internal addresses' which isn't a fix for this issue because you can still make any request to any outside network (assuming the proxy supports this, most will).

Chances are there are dozens more affected since this is a design abuse. If you know any please let me know and I'll add it to the list (please include something from the vendor page acknowledging the issue).

I'll be attending Blackhat and defcon later this month so if there are any proxy/http nerds who want to chat drop me a line.

Additional Coverage and related posts

Socket Capable Browser Plug-ins Result In Transparent Proxy Abuse

Proxy Attack Stupid Buzzword Contest

Why does Silverlight have a restricted port range for Sockets?

Proxy server bug exposes websites' private parts

ISA Server vs US-CERT VU#435052 – A Quick Test

Transparente Proxies ebnen Angreifern den Weg ins lokale Netz


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!