WinGate version 2.1 Exploitable
Vulnerability tested on Wingate version 2.1
SYSTEMS AFFECTED
WinOS running Wingate 2.1
PROBLEM
The problem is in the WinGate LogFile service being accessable to
anyone by default and poor programming on the part of
Deerfield Communications Company.
IMPACT
If the LogFile service is not reconfigured after install then any remote
user can access the WinGate servers harddrive having readaccess to any
file on the same drive as the WinGate installation.
EXPLOIT
WinGate servers that are running the LogFile Service, listen for
connections on TCP Port 8010. By opening a HTTP session to this port
you will either get a "connection cannot be established" or a listing of
directories on the remote drive wingate was installed upon.
SOLUTION
Under your WinGate "GateKeeper" make sure your LogFile Service
Bindings do not allow connections coming in on any interface. Basically
as with any WinGate situation, deny access from all IP's except for the
trusted IPs on your internal network or possbile remote IPs that you
might use to check your system from a remote location.
NOTE
This is the second time that Rhino9 has released an advisory about
WinGate. WinGate was recently recoded to stop the "WinGate bounce
exploit" and will need to be recoded or patched for this current advisory.
We are not knocking WinGate... it is a good product just needs some
work. WinGate can be almost unbreakable if you configure it right by
only allowing trusted IPs etc...
The contents of this advisory are Copyright (c) 1998 the Rhino9 security
research team, this document may be distributed freely, as long as
proper credit is given. (
geocities.com/dharan6/library) (
geocities.com/dharan6)