winroute.3.0x.txt

1999-08-17T00:00:00
ID PACKETSTORM:12086
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Date: Fri, 9 Apr 1999 00:37:05 -0400  
From: Michael R. Rudel <mrr@DODDS.NET>  
To: BUGTRAQ@netspace.org  
Subject: Bug in Winroute 3.04g  
  
There is a bug in the remote proxy server admin part of Winroute 3.04g.  
I have tested it on an earlier release (3.04a), and that is also  
vulnerable.  
  
When you first access the admin proxy server, it asks for a username and  
password to authenticate to. If you hit 'cancel', one frame will come  
back as not containing any data, but the other frame will still give you  
all the buttons that you need to configure the software - giving you  
full access.  
  
This is a semisortakindaserious bug, as anyone using Winroute can be  
disconnected from the Internet by anyone else in the world, as they can  
authenticate to the admin proxy server without a user name and password.  
  
- Michael R. Rudel (mrr@mrr.cx)  
- Computer Tech  
- Pinckney Community Schools  
  
----------------------------------------------------------------------------  
  
Date: Fri, 9 Apr 1999 16:12:05 -0700  
From: Max Vision <vision@WHITEHATS.COM>  
To: BUGTRAQ@netspace.org  
Subject: Re: Bug in Winroute 3.04g  
  
On Fri, 9 Apr 1999, Michael R. Rudel wrote:  
> There is a bug in the remote proxy server admin part of Winroute 3.04g.  
> I have tested it on an earlier release (3.04a), and that is also  
> vulnerable.  
>  
  
Confirmed on Winroute Pro 3.04  
http://localhost:3129/admin/config/ takes yous straight to the  
configuration options without authentication.  
  
If one is going to use Winroute, I highly recommend turning on the  
packet filter found at Settings -> Advanced -> Packetfilter  
  
An unrelated bug is that the packetfilter refuses to pass on tcp 139  
regardless of implicite configuration otherwise.  
  
Max  
  
`