ID
VAR-200905-0411
TITLE
SonicWALL SSL-VPN 'cgi-bin/welcome/VirtualOffice' Remote Format String Vulnerability
Trust: 0.3
DESCRIPTION
Multiple SonicWALL SSL-VPN devices are prone to a remote format-string vulnerability because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Attackers may exploit this issue to run arbitrary code in the context of the affected application. Failed attempts may cause denial-of-service conditions. The following are vulnerable: SSL-VPN 200 firmware prior to 3.0.0.9 SSL-VPN 2000 firmware prior to 3.5.0.5 SSL-VPN 4000 firmware prior to 3.5.0.5
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | sonicwall | model: | ssl-vpn | scope: | eq | version: | 40003.54 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | eq | version: | 20003.54 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | eq | version: | 2003.08 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl vpn | scope: | eq | version: | 2002.1 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | ne | version: | 40003.55 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | ne | version: | 20003.55 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | ne | version: | 2003.09 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 35145 | Trust: 0.3 |
REFERENCES
| url: | http://www.aushack.com/200905-sonicwall.txt | Trust: 0.3 |
| url: | http://www.sonicwall.com | Trust: 0.3 |
| url: | /archive/1/503913 | Trust: 0.3 |
CREDITS
Patrick Webster
Trust: 0.3
SOURCES
| db: | BID | id: | 35145 |
LAST UPDATE DATE
2022-05-17T01:51:52.689000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 35145 | date: | 2009-05-29T19:09:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 35145 | date: | 2009-05-29T00:00:00 |