Sign-up

ID

VAR-200712-0158


CVE

CVE-2007-6273


TITLE

SonicWALL GLobal VPN Client Format string vulnerability in configuration files

Trust: 0.8

sources: JVNDB: JVNDB-2007-006406

DESCRIPTION

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions. Versions prior to SonicWALL Global VPN Client 4.0.0.830 are affected. Local attackers may use this vulnerability to elevate their privileges. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to a format-string error when processing a VPN configuration file. This can be exploited by e.g. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 3.1.0.556 and also reported in version 4.0.0.810. Other versions may also be affected. SOLUTION: The vendor has reportedly issued version 4.0.0.830, which fixes the vulnerability. PROVIDED AND/OR DISCOVERED BY: Discovered by lofi42 and reported via SEC Consult. ORIGINAL ADVISORY: SEC Consult (20071204-0): http://www.sec-consult.com/305.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-6273 // JVNDB: JVNDB-2007-006406 // BID: 26689 // VULHUB: VHN-29635 // PACKETSTORM: 61494

AFFECTED PRODUCTS

vendor:sonicwallmodel:global vpn clientscope:eqversion:3.1.556

Trust: 1.6

vendor:sonicwallmodel:global vpn clientscope:eqversion:4.0.0.810

Trust: 1.6

vendor:sonicwallmodel:global vpn clientscope:eqversion:3.1.556 and 4.0.0.810

Trust: 0.8

vendor:sonicwallmodel:global vpn clientscope:eqversion:4.0.782

Trust: 0.3

vendor:sonicwallmodel:global vpn clientscope:neversion:4.0.830

Trust: 0.3

sources: BID: 26689 // JVNDB: JVNDB-2007-006406 // CNNVD: CNNVD-200712-082 // NVD: CVE-2007-6273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-6273
value: HIGH

Trust: 1.0

NVD: CVE-2007-6273
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200712-082
value: CRITICAL

Trust: 0.6

VULHUB: VHN-29635
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-6273
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-29635
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-29635 // JVNDB: JVNDB-2007-006406 // CNNVD: CNNVD-200712-082 // NVD: CVE-2007-6273

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2007-006406 // NVD: CVE-2007-6273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200712-082

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200712-082

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-006406

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-29635

PATCH
title:GLobal VPN Clienturl:http://www.vpn-technology.com/Datasheets/Global_VPN_Client.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-006406

EXTERNAL IDS
db:NVDid:CVE-2007-6273
Trust: 2.8
db:BIDid:26689
Trust: 2.0
db:SECUNIAid:27917
Trust: 1.8
db:SECTRACKid:1019038
Trust: 1.7
db:VUPENid:ADV-2007-4094
Trust: 1.7
db:JVNDBid:JVNDB-2007-006406
Trust: 0.8
db:BUGTRAQid:20071204 SEC CONSULT SA-20071204-0 :: SONICWALL GLOBAL VPN CLIENT FORMAT
Trust: 0.6
db:NSFOCUSid:11231
Trust: 0.6
db:CNNVDid:CNNVD-200712-082
Trust: 0.6
db:SEEBUGid:SSVID-84204
Trust: 0.1
db:EXPLOIT-DBid:30840
Trust: 0.1
db:VULHUBid:VHN-29635
Trust: 0.1
db:PACKETSTORMid:61494
Trust: 0.1
sources:
            
            
            VULHUB: VHN-29635 // 
            
            
            
            BID: 26689 // 
            
            
            
            JVNDB: JVNDB-2007-006406 // 
            
            
            
            PACKETSTORM: 61494 // 
            
            
            
            CNNVD: CNNVD-200712-082 // 
            
            
            
            NVD: CVE-2007-6273

REFERENCES
url:http://www.sec-consult.com/305.html
Trust: 2.1
url:http://www.securityfocus.com/bid/26689
Trust: 1.7
url:http://www.securitytracker.com/id?1019038
Trust: 1.7
url:http://secunia.com/advisories/27917
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=119678272603064&w=2
Trust: 1.6
url:http://www.vupen.com/english/advisories/2007/4094
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6273
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6273
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/4094
Trust: 0.6
url:http://www.nsfocus.net/vulndb/11231
Trust: 0.6
url:http://www.vpn-technology.com/datasheets/global_vpn_client.pdf
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=119678272603064&w=2
Trust: 0.1
url:http://secunia.com/product/16784/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/27917/
Trust: 0.1
url:http://secunia.com/product/16783/
Trust: 0.1
url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-29635 // 
            
            
            
            BID: 26689 // 
            
            
            
            JVNDB: JVNDB-2007-006406 // 
            
            
            
            PACKETSTORM: 61494 // 
            
            
            
            CNNVD: CNNVD-200712-082 // 
            
            
            
            NVD: CVE-2007-6273

CREDITS
Bernhard Mueller research@sec-consult.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200712-082

SOURCES
db:VULHUBid:VHN-29635
db:BIDid:26689
db:JVNDBid:JVNDB-2007-006406
db:PACKETSTORMid:61494
db:CNNVDid:CNNVD-200712-082
db:NVDid:CVE-2007-6273

LAST UPDATE DATE
2025-04-10T23:19:57.999000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-29635date:2011-03-08T00:00:00
db:BIDid:26689date:2007-12-13T20:22:00
db:JVNDBid:JVNDB-2007-006406date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200712-082date:2007-12-10T00:00:00
db:NVDid:CVE-2007-6273date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-29635date:2007-12-07T00:00:00
db:BIDid:26689date:2007-12-04T00:00:00
db:JVNDBid:JVNDB-2007-006406date:2012-12-20T00:00:00
db:PACKETSTORMid:61494date:2007-12-06T03:48:33
db:CNNVDid:CNNVD-200712-082date:2007-12-07T00:00:00
db:NVDid:CVE-2007-6273date:2007-12-07T11:46:00