Product: [Fourelle|Venturi Wireless] Venturi Client (all versions prior to 2.2)

Brief Description: Acts as an open proxy for protocols including SMTP.

Description: Venturi Client is a multi-protocol proxy that operates in conjunction with a proprietary transcoding server. It inserts itself into the networking stack in order to transparently intercept network requests. In versions prior to 2.2 remote machines are able to proxy just about anything through the system. Although it can be used for more, the only wild attack I have detected was by a spammer looking to make an open SMTP relay. (Several hundred thousand spams were sent in the two hours it took to detect and disconnect the compromised machine.)

Recommended actions:
1] Uninstall the product. Removing the front end GUI from the startup menu is not sufficient.
2] Upgrade from v2.1 to 2.2 using the now released patch: http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm
3] Use a firewall to prevent outside connections to the machine.

Distributed by: Verizon Wireless as part of their Mobile Office package. The company also claims partnership with Motorola, Sierra Wireless, Telus, Bell Mobility, CommWorks (3Com) and DDI Pocket. I believe that enterprises can also purchase this product directly.

Company Reaction: Venturi Wireless knew of this flaw and had an unpublished patch as of my initial contact on the 12th of May. It is unclear how long they have known about it. They claimed it had not been found to be used in the wild. We negotiated that they would publicly release information by the 16th in return for a couple days to write up a notice. They have now posted the patch, with no details, at http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm There is as of yet no link on their site to this page, and I suspect it will be buried when there is. Given the severity of this vulnerability I am posting this to some appropriate newsgroups and bugtraq.

Josh Steinhurst
Department of Computer Science
University of North Carolina at Chapel Hill
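
The advisory reports that the relaying machine sent mail for two hours before it was detected. As an added example (not part of the original advisory), this sketch scans connection records for the pattern described: a host that is not a sanctioned mail server opening a burst of outbound SMTP connections, with the outside peers that connected to it reported alongside. The address range, mail-server allowlist, window, threshold, record format and the placeholder port 9999 are all assumptions; the advisory does not say which port the client listens on.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# All values below are assumptions for the example, not taken from the advisory.
INTERNAL = ip_network("10.0.0.0/8")   # site address range
MAIL_SERVERS = {"10.0.0.25"}          # hosts allowed to send SMTP outbound
WINDOW = 300                          # sliding window, seconds
THRESHOLD = 20                        # outbound SMTP connections per window

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def find_relays(records):
    """records: time-ordered (epoch_seconds, src, dst, dst_port) tuples."""
    smtp_out = defaultdict(deque)     # host -> recent outbound SMTP timestamps
    inbound = defaultdict(set)        # host -> external peers that connected in
    alerts = {}
    for ts, src, dst, dport in records:
        if is_internal(dst) and not is_internal(src):
            inbound[dst].add(src)     # outside host reached an internal machine
            continue
        if not is_internal(src) or is_internal(dst) or dport != 25:
            continue
        if src in MAIL_SERVERS:
            continue
        q = smtp_out[src]
        q.append(ts)
        while q[0] <= ts - WINDOW:    # drop connections older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            a = alerts.setdefault(src, {"first_alert": ts, "peak": 0})
            a["peak"] = max(a["peak"], len(q))
            a["external_inbound"] = set(inbound[src])
    return alerts

def sample_records():
    """Constructed flow records; port 9999 is a placeholder listener port."""
    recs = [(1000, "203.0.113.7", "10.1.2.3", 9999)]           # inbound to laptop
    recs += [(1001 + i, "10.1.2.3", f"198.51.100.{i % 200 + 1}", 25)
             for i in range(60)]                                # relayed SMTP burst
    recs += [(1000 + 2 * i, "10.0.0.25", "192.0.2.10", 25)
             for i in range(100)]                               # real mail server
    recs += [(1010 + 50 * i, "10.1.2.4", "192.0.2.10", 25)
             for i in range(3)]                                 # ordinary mail client
    return sorted(recs)

if __name__ == "__main__":
    for host, info in find_relays(sample_records()).items():
        print(host, info)
```

With the constructed records, only 10.1.2.3 is flagged, 20 seconds into the burst; the mail server and the low-volume mail client are not.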