Qbik WinGate Remote HTTP Request Buffer Overflow Vulnerability
BID:18312
CVE-2006-2926 |Info
Qbik WinGate Remote HTTP Request Buffer Overflow Vulnerability
| Bugtraq ID: | 18312 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 07 2006 12:00AM |
| Updated: | Jun 07 2006 08:27PM |
| Credit: | kcope <[email protected]> discovered this vulnerability. |
| Vulnerable: |
Qbik WinGate 6.1.1 .1077 |
| Not Vulnerable: | |
Discussion
Qbik WinGate Remote HTTP Request Buffer Overflow Vulnerability
Qbik WinGate is susceptible to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of affected proxy servers. This facilitates the remote compromise of affected computers. Failed exploit attempts will crash the proxy server, denying service to legitimate users.
Version 6.1.1.1077 is vulnerable to this issue; other versions may also be affected.
Qbik WinGate is susceptible to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of affected proxy servers. This facilitates the remote compromise of affected computers. Failed exploit attempts will crash the proxy server, denying service to legitimate users.
Version 6.1.1.1077 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Qbik WinGate Remote HTTP Request Buffer Overflow Vulnerability
The following exploit is available to demonstrate this issue:
The following exploit is available to demonstrate this issue:
Solution / Fix
Qbik WinGate Remote HTTP Request Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
Qbik WinGate Remote HTTP Request Buffer Overflow Vulnerability
References:
References:
- INFIGO IS Security Advisory #INFIGO-2006-08-04 (INFIGO Information Security)
- WinGate Product Homepage (Qbik)