Venturi Client 2.1 confirmed as open relay

Product: [Fourelle|Venturi Wireless] Venturi Client (all versions prior to 2.2)

Brief Description: Acts as an open proxy for protocols including SMTP.

Description: Venturi Client is a multi-protocol proxy that operates in conjunction with a proprietary transcoding server. It inserts itself into the networking stack in order to transparently intercept network requests. In versions prior to 2.2 remote machines are able to proxy just about anything through the system. Although it can be used for more, the only wild attack I have detected was by a spammer looking to make an open SMTP relay. (Several hundred thousand spams were sent in the two hours it took to detect and disconnect the compromised machine.)

Recommended actions:

1] Uninstall the product. Removing the front end GUI from the startup menu is not sufficient.

2] Upgrade from v2.1 to 2.2 using the now released

3] Use a firewall to prevent outside connections to

Distributed by: Verizon Wireless as part of their Mobile Office package. The company also claims partnership with Motorola, Sierra Wireless, Telus, Bell Mobility, CommWorks (3Com) and DDI Pocket. I believe that enterprises can also purchase this product directly.

Company Reaction: Venturi Wireless knew of this flaw and had an unpublished patch as of my initial contact on the 12th of May. It is unclear how long they have known about it. They claimed it had not been found to be used in the wild. We negotiated that they would publicly release information by the 16th in return for a couple days to write up a notice. They have now posted the patch, with no details, at

There is as of yet no link on their site to this page, and I suspect it will be buried when there is. Given the severity of this vulnerability I am posting this to some appropriate newsgroups and bugtraq.

Josh Steinhurst
Department of Computer Science
University of North Carolina at Chapel Hill
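
Added example, not part of the original advisory: the relay abuse described above took two hours to notice, so this Python check flags any host that is not a designated mail server but opens SMTP (TCP/25) connections to many distinct destinations within a short window. The flow-record format, addresses, threshold and window are all constructed assumptions, not values from the advisory or the vendor.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAIL_SERVERS = {"10.0.0.2"}     # assumption: the only host allowed to send SMTP out
WINDOW = timedelta(minutes=5)   # assumption: sliding window length
MAX_DESTS = 5                   # assumption: distinct SMTP peers tolerated per window


def find_relay_suspects(lines, mail_servers=MAIL_SERVERS,
                        window=WINDOW, max_dests=MAX_DESTS):
    """Return {source_ip: time_of_first_alert} for hosts that are not mail
    servers yet reach more than max_dests distinct TCP/25 peers in one window.
    Input lines ("timestamp src dst dport") must be in time order."""
    recent = defaultdict(list)   # src -> [(timestamp, dst)] still inside the window
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, src, dst, dport = line.split()
        if int(dport) != 25 or src in mail_servers or src in alerts:
            continue
        now = datetime.fromisoformat(stamp)
        # Keep only this host's events that are still inside the window.
        recent[src] = [(t, d) for t, d in recent[src] if now - t <= window]
        recent[src].append((now, dst))
        if len({d for _, d in recent[src]}) > max_dests:
            alerts[src] = now
    return alerts


def constructed_flows():
    """Constructed sample data: a mail server, a normal workstation, and a
    laptop whose proxy client is being used as a relay."""
    base = datetime(2003, 1, 1, 10, 0, 0)
    rows = []
    for i in range(10):   # legitimate mail server, many peers, allow-listed
        rows.append((base + timedelta(seconds=10 * i), "10.0.0.2", f"198.51.100.{i + 1}", 25))
    for i in range(8):    # relayed spam burst from the laptop
        rows.append((base + timedelta(seconds=30 + 5 * i), "10.0.0.57", f"203.0.113.{i + 1}", 25))
    rows.append((base + timedelta(seconds=20), "10.0.0.80", "192.0.2.25", 25))
    rows.append((base + timedelta(seconds=25), "10.0.0.80", "192.0.2.80", 80))
    return [f"{t.isoformat()} {s} {d} {p}" for t, s, d, p in sorted(rows)]


if __name__ == "__main__":
    for host, when in find_relay_suspects(constructed_flows()).items():
        print(f"{when.isoformat()} possible open relay: {host}")
```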

