Vulnerabilities > CVE-2006-2926 - Remote HTTP Request Buffer Overflow vulnerability in Qbik Wingate 6.1.1.1077

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
qbik
nessus
exploit available
metasploit

Summary

Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.

Vulnerable Configurations

Part Description Count
Application
Qbik
1

Exploit-Db

  • descriptionQbik WinGate WWW Proxy Server URL Processing Overflow. CVE-2006-2926. Remote exploit for windows platform
    idEDB-ID:16690
    last seen2016-02-02
    modified2010-09-20
    published2010-09-20
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16690/
    titleQbik WinGate WWW Proxy Server URL Processing Overflow
  • descriptionQBik Wingate 6.1.1.1077 (POST) Remote Buffer Overflow Exploit. CVE-2006-2926. Remote exploit for windows platform
    idEDB-ID:1885
    last seen2016-01-31
    modified2006-06-07
    published2006-06-07
    reporterkingcope
    sourcehttps://www.exploit-db.com/download/1885/
    titleQBik Wingate 6.1.1.1077 POST Remote Buffer Overflow Exploit

Metasploit

descriptionThis module exploits a stack buffer overflow in Qbik WinGate version 6.1.1.1077 and earlier. By sending malformed HTTP POST URL to the HTTP proxy service on port 80, a remote attacker could overflow a buffer and execute arbitrary code.
idMSF:EXPLOIT/WINDOWS/PROXY/QBIK_WINGATE_WWWPROXY
last seen2020-01-25
modified2017-11-08
published2010-02-18
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2926
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/proxy/qbik_wingate_wwwproxy.rb
titleQbik WinGate WWW Proxy Server URL Processing Overflow

Nessus

NASL familyWindows
NASL idWINGATE_613.NASL
descriptionThe remote host appears to be running WinGate Proxy Server, a Windows application for managing and securing Internet access. According to its banner, the version of WinGate installed on the remote host is affected by a buffer overflow vulnerability in its HTTP proxy service. An attacker with access to use the proxy may be able to exploit this issue to execute arbitrary code on the remote host. Note that by default the service operates with LOCAL SYSTEM privileges, which means that a successful attack may result in a complete compromise of the affected system.
last seen2020-06-01
modified2020-06-02
plugin id21674
published2006-06-09
reporterThis script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/21674
titleWinGate POST Request Buffer Overflow
code
#
# (C) Tenable Network Security
#

include("compat.inc");

if (description)
{
  script_id(21674);
  script_version("1.16");

  script_cve_id("CVE-2006-2926");
  script_bugtraq_id(18312);

  script_name(english:"WinGate POST Request Buffer Overflow");
  script_summary(english:"Checks version number in WinGate's banner");

 script_set_attribute(attribute:"synopsis", value:
"The remote HTTP proxy server is prone to a buffer overflow attack." );
 script_set_attribute(attribute:"description", value:
"The remote host appears to be running WinGate Proxy Server, a Windows
application for managing and securing Internet access. 

According to its banner, the version of WinGate installed on the
remote host is affected by a buffer overflow vulnerability in its HTTP
proxy service.  An attacker with access to use the proxy may be able
to exploit this issue to execute arbitrary code on the remote host. 

Note that by default the service operates with LOCAL SYSTEM
privileges, which means that a successful attack may result in a
complete compromise of the affected system." );
 script_set_attribute(attribute:"see_also", value:"http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html" );
 script_set_attribute(attribute:"see_also", value:"http://forums.qbik.com/viewtopic.php?t=4215" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to WinGate 6.1.3 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Qbik WinGate WWW Proxy Server URL Processing Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/09");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/07");
 script_cvs_date("Date: 2018/08/22 16:49:14");
 script_set_attribute(attribute:"plugin_type", value: "remote");
 script_end_attributes();


  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("http_version.nasl");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:80);

# There's a problem if the banner is for WinGate < 6.1.3.
banner = get_http_banner(port:port, exit_on_fail: 1);
if (
  egrep(pattern:"^Server: +WinGate ([0-5]\.|6\.(0\.|1\.[0-2][^0-9]))", string:banner)
) security_hole(port);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/86449/qbik_wingate_wwwproxy.rb.txt
idPACKETSTORM:86449
last seen2016-12-05
published2010-02-19
reporterpatrick
sourcehttps://packetstormsecurity.com/files/86449/Qbik-WinGate-WWW-Proxy-Server-URL-Processing-Overflow.html
titleQbik WinGate WWW Proxy Server URL Processing Overflow