Another WinGate hole -- this time with the LogFile service
| Description: | The WinGate Logfile service basically puts up a web server on port 8010 giving full read access to the victim's hard drive(!) |
| Author: | HKirk <hkirk@tech-point.com> |
| Compromise: | Remote read access to a Wingate user's hard drive |
| Vulnerable Systems: | Windows users who run Wingate. This program is a huge security hole, a much better (cheaper, more secure, more robust, better performing) solution is to install a Linux gateway with IP masquerading. |
| Date: | 29 March 1998 |
Date: Sun, 29 Mar 1998 00:29:08 -0500
From: HKirk <hkirk@tech-point.com>
To: BUGTRAQ@NETSPACE.ORG
Subject: Hole.
Exploitable flaw in the New Version of WinGate... The Deerfield company
released this new version to fix previous flaws found by our team...
Keep tryin guys.. and we will keep you on your toes.
http://207.98.195.250/advisories/
NeonSurge
The Rhino9 Team
http://207.98.195.250/
[Links] [Image][Image]
[Image]
[About] WinGate version 2.1 Exploitable
[Updates]
[Contact] Vulnerability tested on Wingate version 2.1
[Advisories]
[Texts] SYSTEMS AFFECTED
[Products] WinOS running Wingate 2.1
[Tools]
[Links] PROBLEM
The problem is in the WinGate LogFile service
being accessable to anyone by default and poor
programming on the part of
Deerfield Communications Company.
IMPACT
If the LogFile service is not reconfigured after
install then any remote user can access the
WinGate servers harddrive having readaccess to any
file on the same drive as the WinGate
installation.
EXPLOIT
WinGate servers that are running the LogFile
Service, listen for connections on TCP Port 8010.
By opening a HTTP session to this port you will
either get a "connection cannot be established" or
a listing of directories on the remote drive
wingate was installed upon.
SOLUTION
Under your WinGate "GateKeeper" make sure your
LogFile Service Bindings do not allow connections
coming in on any interface. Basically as with any
WinGate situation, deny access from all IP's
except for the
trusted IPs on your internal network or possbile
remote IPs that you might use to check your system
from a remote location.
NOTE
This is the second time that Rhino9 has released
an advisory about WinGate. WinGate was recently
recoded to stop the "WinGate bounce exploit" and
will need to be recoded or patched for this
current advisory. We are not knocking WinGate...
it is a good product just needs some work. WinGate
can be almost unbreakable if you configure it
right by only allowing trusted IPs etc...
The contents of this advisory are Copyright (c)
1998 the Rhino9 security research team, this
document may be distributed freely, as long as
proper credit is given.
[Image]
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
world.
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources:
