SonicWALL SOHO Denial of Service Vulnerability
BID:2013
Info
SonicWALL SOHO Denial of Service Vulnerability
| Bugtraq ID: | 2013 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 29 2000 12:00AM |
| Updated: | Nov 29 2000 12:00AM |
| Credit: | Discovered and posted to Bugtraq by Raptor <[email protected]> on Nov 29, 2000. |
| Vulnerable: |
SonicWALL SOHO 5.0 .0 SonicWALL SOHO 4.0 .0 |
| Not Vulnerable: | |
Discussion
SonicWALL SOHO Denial of Service Vulnerability
SonicWALL SOHO provides a secure internet connection for a network.
SonicWALL SOHO is subject to a denial of service. By specifying an unusually long username on the authentication page, SonicWALL SOHO will stop responding and refuse any new connections. This has been verified to last for up to 30 seconds until functionality resumes, although a restart of the service may be required in order to gain normal functionality. In addition, it has been verified that this vulnerability is exploitable by way of various malformed HTTP requests.
This vulnerability may be the result of a buffer overflow, although not verified this could lead to the execution of arbitrary code on the target host.
SonicWALL SOHO provides a secure internet connection for a network.
SonicWALL SOHO is subject to a denial of service. By specifying an unusually long username on the authentication page, SonicWALL SOHO will stop responding and refuse any new connections. This has been verified to last for up to 30 seconds until functionality resumes, although a restart of the service may be required in order to gain normal functionality. In addition, it has been verified that this vulnerability is exploitable by way of various malformed HTTP requests.
This vulnerability may be the result of a buffer overflow, although not verified this could lead to the execution of arbitrary code on the target host.
Solution / Fix
SonicWALL SOHO Denial of Service Vulnerability
Solution:
Offical vendor response:
SonicWALL, Inc. has released a firmware patch to address this issue. To receive this firmware patch, please contact SonicWALL support (http://techsupport.sonicwall.com/swtech.html) and reference bugtraq id 2013.
Solution:
Offical vendor response:
SonicWALL, Inc. has released a firmware patch to address this issue. To receive this firmware patch, please contact SonicWALL support (http://techsupport.sonicwall.com/swtech.html) and reference bugtraq id 2013.