Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Jun 08 06 6:22 pm
Hello, all
interesting news from security analitics about WinGate:
http://www.security.nnov.ru/Ndocument13.html
Jun 08 06 10:59 pm
Aye, we have been notified about this exploit and are working on the fix - the patched version will be available shortly. Meanwhile, this exploit is dangerous mostly for those who have WWW proxy opened on the external interface - which is not a good practice anyway - or for those with ... erm... less than well-behaving employees internally. Anyway, the fixed version will be available shortly.
Jun 09 06 7:31 pm
Hi All
We have released a fix today. The problem was related to the DNS resolver, not the WWW proxy. It was discovered in the WWW proxy using requests containing extremely large hostnames, however large hostnames are also able to be submitted potentially with other services, including the POP3, Telnet, and (unconfirmed - pre-processing reduces vulnerability here) SMTP server.
The DNS resolver has been in WinGate since 5.0, so we recommend anyone using WinGate version 5.0 or later upgrade to 6.1.3 as soon as possible.
Regards
Adrien
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.