1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP SonicWALL SSL VPN ActiveX BO

HTTP SonicWALL SSL VPN ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in SonicWALL SSL VPN Client.

Additional Information

SonicWALL SSL VPN is an appliance designed to provide remote VPN access to the corporate network. It comes with ActiveX Controls that provide VPN client functionality in Internet Explorer.

SonicWALL SSL VPN is prone to multiple remote vulnerabilities:

- A vulnerability in the WebCacheCleaner ActiveX control allows remote attackers to delete arbitrary files on the client's computer through the 'fileDelete' function.

- A stack-based buffer-overflow vulnerability in the NELaunchCtrl ActiveX control presents itself because the 'AddRouteEntry' function fails to properly bounds-check user-supplied input that is passed to the second argument of the function. Also, multiple Unicode buffer-overflow vulnerabilities reside in the following properties of the ActiveX control: serverAddress, sessionId, clientIPLower, clientIPHigher, userName, domainName, dnsSuffix.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

These issues affect SonicWALL SSL VPN 1.3.0.3 software as well as WebCacheCleaner 1.3.0.3 and NeLaunchCtrl 2.1.0.49 ActiveX controls; other versions may also be vulnerable.

Affected

  • SonicWALL SSL VPN 2.5, 1.3 3
  • SonicWALL SSL VPN 200 2.1

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube