Nov 12 2007
Highly critical Vulnerabilities in SonicWALL SSL VPN
| Secunia Advisory: | SA27469 | |
| Release Date: | 2007-11-02 | |
| Last Update: | 2007-11-06 | |
| Critical: |  Highly critical |
|
| Impact: | Manipulation of data System access |
|
| Where: | From remote | |
| Solution Status: | Vendor Patch | |
| OS: | SonicWALL SSL-VPN 200 2.x SonicWALL SSL-VPN 2000 2.x SonicWALL SSL-VPN 4000 2.x |
|
| CVE reference: | CVE-2007-5603 (Secunia mirror) CVE-2007-5814 (Secunia mirror) CVE-2007-5815 (Secunia mirror) |
|
| Description: Some vulnerabilities have been reported in SonicWALL SSL VPN, which can be exploited by malicious people to delete arbitrary files or to compromise a user’s system. 1) Boundary errors within the NetExtender NELaunchCtrl ActiveX control when handling arguments passed to certain methods (e.g. “AddRouteEntry()”, “serverAddress()”, “sessionId()”, “clientIPLower()”, “clientIPHigher()”, “userName()”, “domainName()”, and “dnsSuffix()”) can be exploited to cause buffer overflows when a user e.g. visits a malicious website. 2) The WebCacheCleaner ActiveX control includes the insecure method “FileDelete()”, which can be exploited to delete arbitrary files. The vulnerabilities are reported in WebCacheCleaner ActiveX control version 1.3.0.3 and NeLaunchCtrl ActiveX control version 2.1.0.49. Other versions may also be affected. Solution: Provided and/or discovered by: Changelog: Original Advisory: US-CERT VU#298521: |
||
No responses yet
Leave a Reply
You must be logged in to post a comment.