TUCoPS :: Unix :: General :: imute-1.htm


InterMute junk filter proxy vulnerability
Vulnerability
 interMute
Affected
 Those running interMute
Description
 John Temples found the following. interMute is a junk filter/privacy
 enhancer for web browsers. It runs as either a privileged Java
 applet within your browser, or as a standalone Java application.
 interMute operates as a proxy server listening on port 4444, and
 is meant to operate dedicated to a single user. It correctly
 rejects any service requests from IP addresses not on the local
 host. However, it has no mechanism to determine whether requests
 coming from the local host originated from the browsing user, or
 some other user. The interMute proxy has a "home page" from
 which the user can configure it and view filtering statistics for
 the current session. A local user on a UNIX host can connect to
 another user's interMute proxy, giving him full control over
 interMute. Thus various attacks and intrusions are possible:
 1) The sites which were acted upon by interMute are listed in
 the "statistics" area, thus revealing part of the user's
 browsing history;
 2) interMute can be configured to chain to another proxy, thus
 allowing all browsing activity to be redirected and logged
 without the user's knowledge;
 3) interMute can be configured to load a home page which could
 contain hostile Java and/or JavaScript code;
 4) Various denial of service attacks are possible by
 reconfiguring interMute's filters.
Solution
 Nothing yet.
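
The missing check described above, telling the proxy owner's connections apart from another local user's, as an added example that is not part of the original advisory and is not interMute code. It assumes a Linux host, where /proc/net/tcp lists the owning UID of every IPv4 socket; the table contents, UIDs and function names below are constructed for illustration.

```python
import socket
import struct

PROXY_PORT = 4444  # interMute's listening port, per the advisory

# Constructed sample in Linux /proc/net/tcp format (not captured from a real host).
# Row 0: proxy listener (uid 1000). Rows 1-2: both ends of the owner's browser
# connection. Row 3: a second local user (uid 1001) connected to the proxy.
SAMPLE_TABLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 0100007F:C350 0100007F:115C 01 00000000:00000000 00:00000000 00000000  1000        0 20002
   2: 0100007F:115C 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20003
   3: 0100007F:C351 0100007F:115C 01 00000000:00000000 00:00000000 00000000  1001        0 20004
"""


def decode(addr):
    """'0100007F:115C' -> ('127.0.0.1', 4444); IPv4, little-endian host assumed."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def client_uid(table, client, server):
    """UID owning the client end of the connection client -> server, else None."""
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        if decode(fields[1]) == client and decode(fields[2]) == server:
            return int(fields[7])                # column 8 is the socket owner's uid
    return None


def allow(table, client, proxy_uid, port=PROXY_PORT):
    """Accept only loopback clients whose socket belongs to the proxy's own user."""
    if client[0] != "127.0.0.1":
        return False                             # the check interMute already makes
    # Fails closed: an unmatched connection yields None, which never equals a uid.
    return client_uid(table, client, ("127.0.0.1", port)) == proxy_uid


if __name__ == "__main__":
    # On a live Linux host: table = open("/proc/net/tcp").read(),
    # client = conn.getpeername(), proxy_uid = os.getuid().
    for peer in [("127.0.0.1", 50000), ("127.0.0.1", 50001)]:
        print(peer, "allowed" if allow(SAMPLE_TABLE, peer, 1000) else "rejected")
```

The same table can be read by an administrator to audit which UIDs currently hold connections to port 4444 on a shared host.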

Site design & layout copyright © 1986-2025 AOH