CVE-2004-0577
CVSS 5.0
Published: 2004-12-06 00:00:00
Last modified: 2016-10-17 22:46:17

[Original] WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory.


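[CNNVD] Qbik WinGate Information Disclosure Vulnerability (CNNVD-200412-028)

        WinGate 5.2.3 build 901, 6.0 beta 2 build 942, and other versions such as 5.0.5 are vulnerable. A remote attacker can read arbitrary files from the root directory via a URL request to the wingate-internal directory.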

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:qbik:wingate:6.0_beta_2
cpe:/a:qbik:wingate:5.0.5
cpe:/a:qbik:wingate:5.2.3

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0577
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0577
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-028
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=full-disclosure&m=108872788123695&w=2
(UNKNOWN)  FULLDISC  20040701 iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure
http://www.idefense.com/application/poi/display?id=113
(UNKNOWN)  MISC  http://www.idefense.com/application/poi/display?id=113
http://xforce.iss.net/xforce/xfdb/16589
(VENDOR_ADVISORY)  XF  wingate-directory-traversal(16589)

- Vulnerability information

Qbik WinGate Information Disclosure Vulnerability
Medium  Input validation
2004-12-06 00:00:00 2006-09-22 00:00:00
Remote
        WinGate 5.2.3 build 901, 6.0 beta 2 build 942, and other versions such as 5.0.5 are vulnerable. A remote attacker can read arbitrary files from the root directory via a URL request to the wingate-internal directory.

- Advisories and patches

        The vendor has released an upgrade dealing with this issue.
        Qbik WinGate Plus 5.0.5
        Qbik WinGate Pro 5.0.5
        Qbik WinGate Plus 5.2.3 Build 901
        Qbik WinGate Pro 5.2.3 Build 901
        Qbik WinGate Pro 6.0 Beta 2 Build 942
        Qbik WinGate Plus 6.0 Beta 2 Build 942

- Vulnerability information (F33701)

iDEFENSE Security Advisory 2004-07-01.t (PacketStormID:F33701)
2004-07-02 00:00:00
iDefense Labs  idefense.com
advisory,arbitrary,info disclosure
CVE-2004-0577,CVE-2004-0578

iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure Vulnerability - An input validation vulnerability in Qbik WinGate allows attackers to retrieve arbitrary system files.

WinGate Information Disclosure Vulnerability

iDEFENSE Security Advisory 07.01.04:

I. BACKGROUND

WinGate is an Internet sharing and proxy application that allows for
monitoring and remote administration. More information is available at
http://www.wingate.com/product-wingate.php

II. DESCRIPTION

Remote exploitation of an input validation vulnerability in Qbik WinGate
allows attackers to retrieve arbitrary system files.

WinGate authenticates proxy users via a Java applet served through a
built-in web server. The following request causes the server to retrieve
a file from its root directory which is equivalent to the install
directory:

    http://wingate.example.com/wingate-internal/filename
   
It is possible to retrieve arbitrary files outside the context of the
root directory by preceding the path with an extra slash in the case of
WinGate 5 and two extra slashes in the case of WinGate 6. For example:

    http://wingate5.example.com/wingate-internal//path
    http://wingate6.example.com/wingate-internal///path

III. ANALYSIS

Successful exploitation allows unauthenticated remote attackers to
retrieve the contents of arbitrary files. WinGate, by default, runs
under the context of localsystem allowing for the retrieval of backup
Windows SAM files.

IV. DETECTION

iDEFENSE has confirmed that WinGate version 5.2.3 build 901 and version
6.0 beta 2 build 942 are vulnerable. Version 5.0.5 is also reported as
vulnerable. It is suspected that earlier versions are vulnerable as
well.

V. WORKAROUND

Disable the WWW Proxy server.

VI. VENDOR RESPONSE

"In general people don't bind their WWW Proxy to external interfaces, so
this exploit is generally not available from the internet.  However it
does seem to bypass local LAN security."

WinGate beta 3 (build 959) addresses the vulnerabilities and is
available for download at:

http://www.wingate.com/download.php

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2004-0577 and CAN-2004-0578 to these issues. This is a
candidate for inclusion in the CVE list (http://cve.mitre.org), which
standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

09/27/03   Exploit acquired by iDEFENSE
06/04/04   Initial vendor notification
06/10/04   Secondary vendor notification
06/21/04   iDEFENSE clients notified
06/23/04   Initial vendor response
07/01/04   Public Disclosure

IX. CREDIT

An anonymous contributor is credited with discovering this
vulnerability.


- Vulnerability information

7331
WinGate Proxy Arbitrary File Retrieval
Remote / Network Access
Loss of Confidentiality Workaround, Upgrade
Exploit Private Vendor Verified, Coordinated Disclosure

- Vulnerability description

- Timeline

2004-07-01 Unknown
2004-07-01 2004-07-01

- Solution

Upgrade to version beta 3 (build 959) or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: Disable the WWW Proxy server.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Qbik WinGate Information Disclosure Vulnerability
Input Validation Error 10646
Yes No
2004-07-01 12:00:00 2009-07-12 05:16:00
An anonymous contributor is credited with discovery.

- Affected software versions

Qbik WinGate Pro 6.0 Beta 2 Build 942
Qbik WinGate Pro 5.2.3 Build 901
Qbik WinGate Pro 5.0.5
Qbik WinGate Plus 6.0 Beta 2 Build 942
Qbik WinGate Plus 5.2.3 Build 901
Qbik WinGate Plus 5.0.5

- Vulnerability discussion

WinGate is reported susceptible to an information disclosure vulnerability in its HTTP proxy server.

An internal web server contained in WinGate improperly allows attackers access to read arbitrary files outside of its document root. WinGate by default runs as the localsystem user, therefore this vulnerability allows remote attackers to read system files.

An attacker can exploit this issue to read arbitrary files contained on the WinGate computer. These files may contain sensitive information that may aid in further attacks.
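A log check for the request shape the advisory describes (extra slashes directly after `/wingate-internal/`), as an added example that is not part of the advisory or of this database entry. The log format, sample lines and function names are constructed for illustration; percent-decoding and case-insensitive prefix matching are defensive assumptions, not behaviour the page documents.

```python
import re
from urllib.parse import urlsplit, unquote

PREFIX = "/wingate-internal/"

# Constructed sample lines in a common-log style (not real WinGate log output).
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jul/2004:10:00:01] "GET http://wingate.example.com/wingate-internal/login.class HTTP/1.0" 200
192.0.2.44 - - [01/Jul/2004:10:02:13] "GET /wingate-internal//path HTTP/1.0" 200
192.0.2.44 - - [01/Jul/2004:10:02:19] "GET http://wingate6.example.com/wingate-internal///path HTTP/1.0" 200
192.0.2.51 - - [01/Jul/2004:10:05:40] "GET /wingate-internal/%2Fpath HTTP/1.0" 404
192.0.2.10 - - [01/Jul/2004:10:06:02] "GET http://www.example.org/index.html HTTP/1.0" 200
'''

# client address, request target (absolute URL or bare path), status code
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def extra_slashes(target):
    """Count slashes that directly follow /wingate-internal/ in a request target.

    Returns None when the request does not address that directory and 0 for
    an ordinary /wingate-internal/filename request.
    """
    # Proxy request lines may carry an absolute URL, so isolate the path first,
    # then decode %2F so an encoded slash is counted too (assumption).
    path = unquote(urlsplit(target).path)
    if not path.lower().startswith(PREFIX):
        return None
    rest = path[len(PREFIX):]
    return len(rest) - len(rest.lstrip("/"))


def scan(log_text):
    """Return (client, target, extra_slash_count, status) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        count = extra_slashes(target)
        if count:  # skips None (other URLs) and 0 (normal applet requests)
            findings.append((client, target, count, int(status)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 means the server returned content for that request, so those entries are the ones to triage first.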

- Exploit

No exploit is required.

- Solution

The vendor has released an upgrade dealing with this issue.


Qbik WinGate Plus 5.0.5

Qbik WinGate Pro 5.0.5

Qbik WinGate Plus 5.2.3 Build 901

Qbik WinGate Pro 5.2.3 Build 901

Qbik WinGate Pro 6.0 Beta 2 Build 942

Qbik WinGate Plus 6.0 Beta 2 Build 942

- Related references
