|
|
Family: Windows --> Category: infos
WinGate Compressed Name Pointer Denial of Service Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks version number in WinGate's banner
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote proxy is affected by a denial of service vulnerability.
Description :
The remote host appears to be running WinGate, a Windows application
for managing and securing Internet access.
The version of WinGate installed on the remote host contains a flaw
involving the processing of DNS requests with compressed name
pointers. By sending a specially-crafted DNS request to a UDP port on
which WinGate is listening, an unauthenticated remote attacker can
cause the affected application to consume 100% of the available CPU,
thereby denying service to legitimate users.
See also :
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0398.html
http://forums.qbik.com/viewtopic.php?t=4215
Solution :
Upgrade to WinGate 6.2.0 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:N/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
