[15818] in bugtraq
Re: nasty bug in wingate server, potential DOS.
daemon@ATHENA.MIT.EDU (Tony Langdon)
Tue Jul 18 03:19:42 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1252"
Message-ID: <B17EB7B34580D311BE38525405DF623225F10F@atc-mail-db.atctraining.com.au>
Date: Tue, 18 Jul 2000 08:44:26 +1000
Reply-To: Tony Langdon <tlangdon@ATCTRAINING.COM.AU>
From: Tony Langdon <tlangdon@ATCTRAINING.COM.AU>
X-To: gregory duchemin <c3rb3r@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

> if someone submits a USER command like this:
>
> USER login@host.domain@127.0.0.1@127.0.0.1
> PASS what3ver_u_want

This sounds like it could be worked around. In older versions of Wingate,
it was possible to bind a service to a specific interface, and to apply
policies based on source IPs, so it should be possible to work around the
problem by:

1. Binding only the interface which will accept the connections from the
   clients (normally on the inside of the firewall).
2. Setting a policy which denies connections from any of the machine's
   local IP addresses (preventing this sort of relay loop).

I don't have this version of Wingate available, so I can't test these
workarounds.
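
The two workarounds above, written out as an accept policy (an added example, not part of the original post and not Wingate code). The addresses are constructed samples, and treating every @-separated field after the login as a relay hop is an assumption about how the proxy reads the USER line; the hop check goes one step beyond the post's source-IP policy.

```python
import ipaddress

# Constructed sample: addresses assumed to be configured on the proxy host.
LOCAL_ADDRS = {"127.0.0.1", "192.168.0.1", "203.0.113.10"}
INSIDE_ADDR = "192.168.0.1"  # the only interface the service is bound to


def is_local(addr, local_addrs=LOCAL_ADDRS):
    """True if addr is loopback or one of the proxy host's own addresses."""
    ip = ipaddress.ip_address(addr)  # raises ValueError for a hostname
    return ip.is_loopback or str(ip) in local_addrs


def accept_connection(listen_addr, peer_addr):
    """Workaround 1: serve only the inside interface.
    Workaround 2: refuse peers whose source address is the proxy itself."""
    if listen_addr != INSIDE_ADDR:
        return False
    return not is_local(peer_addr)


def relay_hops(user_line):
    """Return the hosts named after the login in 'USER login@host@host...'."""
    verb, _, arg = user_line.strip().partition(" ")
    if verb.upper() != "USER" or not arg:
        raise ValueError("not a USER command")
    return arg.split("@")[1:]


def hop_loops_back(user_line):
    """Extra check: does any hop given as an IP literal point at the proxy?"""
    for hop in relay_hops(user_line):
        try:
            if is_local(hop):
                return True
        except ValueError:
            continue  # hostname rather than an IP literal; not resolved here
    return False


if __name__ == "__main__":
    print(accept_connection("192.168.0.1", "192.168.0.50"))  # inside client
    print(accept_connection("192.168.0.1", "127.0.0.1"))     # looped-back peer
    print(hop_loops_back("USER login@host.domain@127.0.0.1@127.0.0.1"))
```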