- WinGate version 2.1 Exploitable
-
- Vulnerability tested on WinGate version 2.1
-
- SYSTEMS AFFECTED
- WinOS running WinGate 2.1
-
- PROBLEM
- The problem is that the WinGate LogFile service is accessible to
- anyone by default, combined with poor programming on the part of
- Deerfield Communications Company.
-
- IMPACT
- If the LogFile service is not reconfigured after install, then any remote
- user can access the WinGate server's hard drive, with read access to any
- file on the same drive as the WinGate installation.
-
- EXPLOIT
- WinGate servers that are running the LogFile Service listen for
- connections on TCP Port 8010. By opening an HTTP session to this port
- you will either get a "connection cannot be established" or a listing of
- directories on the remote drive WinGate was installed upon.
-
- SOLUTION
- Under your WinGate "GateKeeper" make sure your LogFile Service
- Bindings do not allow connections coming in on any interface. Basically,
- as with any WinGate situation, deny access from all IPs except for the
- trusted IPs on your internal network or possible remote IPs that you
- might use to check your system from a remote location.
-
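The binding check described in the SOLUTION, as an added example that is not part of the Rhino9 advisory: it parses Windows `netstat -an` output and flags LogFile listeners on TCP port 8010 that are bound to all interfaces or to an address outside the internal network. The sample output, the 192.168.0.0/24 internal range and the function name are assumptions made for illustration.

```python
import ipaddress

LOGFILE_PORT = 8010  # TCP port of the WinGate LogFile service, per the advisory

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:8010           0.0.0.0:0              LISTENING
  TCP    192.168.0.1:8010       0.0.0.0:0              LISTENING
  TCP    203.0.113.7:8010       0.0.0.0:0              LISTENING
  TCP    192.168.0.1:1080       0.0.0.0:0              LISTENING
  TCP    192.168.0.1:8010       192.168.0.23:1042      ESTABLISHED
"""

def audit_logfile_bindings(netstat_text, internal_nets, port=LOGFILE_PORT):
    """Return [(local_ip, reason)] for listeners on `port` that are bound
    to every interface or to an address outside `internal_nets`."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have four fields: Proto, Local Address, Foreign Address, State
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue  # established sessions are not bindings
        host, _, port_str = fields[1].rpartition(":")
        if not port_str.isdigit() or int(port_str) != port:
            continue
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # local address is not an IP literal
        if addr.is_unspecified:
            findings.append((str(addr), "bound to all interfaces"))
        elif not any(addr in n for n in nets):
            findings.append((str(addr), "bound to a non-internal interface"))
    return findings

if __name__ == "__main__":
    for ip, reason in audit_logfile_bindings(SAMPLE_NETSTAT, ["192.168.0.0/24"]):
        print(f"{ip}:{LOGFILE_PORT} {reason}")
```

An empty result means every LogFile listener is bound only to an internal address; the per-client IP restrictions in GateKeeper still need to be reviewed separately.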
- NOTE
- This is the second time that Rhino9 has released an advisory about
- WinGate. WinGate was recently recoded to stop the "WinGate bounce
- exploit" and will need to be recoded or patched for this current advisory.
- We are not knocking WinGate... it is a good product that just needs some
- work. WinGate can be almost unbreakable if you configure it right by
- only allowing trusted IPs etc...
-
- The contents of this advisory are Copyright (c) 1998 the Rhino9 security
- research team. This document may be distributed freely, as long as
- proper credit is given.